谷歌出售自家USB密匙，稱員工使用以來從未遭黑客攻擊！

Google starts selling $50 "Titan" USB security keys after finding NONE of its employees were hacked since the tech giant made staff use them

谷歌開始出售50美元的「泰坦」USB安全密鑰，並表示自從讓員工使用這些密鑰以來，沒有員工遭到黑客攻擊過

▌ 部分素材來源於CNN，世界播團隊翻譯

Google has started selling its own USB security keys in a bid to stop customer"s accounts being hacked.

谷歌已經開始出售自己的USB安全密鑰，以阻止客戶的帳戶被黑。

The Titan Security Key, which comes with both USB and Bluetooth versions, is on sale now for $50 from Google"s online store.

泰坦安全密鑰，帶有USB和藍牙版本，現在在谷歌的在線商店以50美元的價格出售。

The USB security key works with desktop machines, and the Bluetooth version with mobile devices, and the pack also comes with a USB-C to USB-A adapter and a USB-C to USB-A connecting cable.

USB安全密鑰適用於台式機，藍牙版本適用於移動設備，包裝還配有USB-C到USB-A適配器和USB-C到USB-A連接線。

『We"re very sure of the quality of the security," Christiaan Brand, a Google product manager for identity and security, said.

谷歌負責身份與安全的產品經理布蘭德說，「我們對該產品的安全質量非常有信心。」

"We"re very sure of how we store secrets and how hard it would be for an attacker to come in and blow the security up."

「我們非常確定我們存儲機密的方式，以及攻擊者想進入並摧毀這個安全設施是非常難的。」

The Titan should work on any device with a USB port or a Bluetooth connection.

泰坦安全密鑰應該在任何帶有USB埠或藍牙連接的設備上工作。

"Titan Security Keys have extra "special sauce" from Google—firmware that"s embedded in a hardware chip within the key that helps to verify that the key hasn"t been tampered with," the firm says.

該公司表示，「泰坦安全密鑰有來自谷歌的額外『特製品』——它是隨密鑰嵌入到硬體晶元中的固件，有助於驗證密鑰是否被篡改。」

It comes a day after Google said it has managed to completely stop its employee"s account being hacked by requiring them to use physical security keys.

就在一天前，谷歌表示，它已經通過要求員工使用這種物理安全密鑰，完全阻止了員工賬戶被黑。

In 2017, the tech giant began giving out physical security keys to all 85,000 employees, according to KrebsOnSecurity.

據KrebsOnSecurity透露，2017年，這家科技巨頭開始向所有8.5萬名員工發放物理安全鑰匙。

Security Keys are inexpensive USB-based devices often costing less that $20, which require the user to log in to a Web site using something they know (the password) and something they have (e.g., a mobile device or USB key).

安全密鑰是便宜的基於USB的設備，通常花費不到20美元，這需要用戶使用他們知道的東西(密碼)和他們擁有的東西(例如，移動設備或USB密鑰)登錄到一個網站。

And since then, no employees have reported any confirmed takeovers of work-related accounts, Google said.

谷歌表示，自那以後，都沒有出現員工工作賬戶被入侵的情況。

Researchers say protecting your account with a password often isn"t enough, and tech firms have developed new methods, often needing a mobile phone or a hardware key, such as the Security Key system used by Google.

研究人員說，用密碼保護賬戶通常是不夠的，科技公司已經開發出了新的方法，通常需要手機或硬體密鑰，比如谷歌使用的安全密鑰系統。

A Google spokesperson said Security Keys now form the basis of all account access at Google.

谷歌的一位發言人表示，安全密鑰現在構成了谷歌所有賬戶訪問的基礎。

"We have had no reported or confirmed account takeovers since implementing security keys at Google," the spokesperson said.

這位發言人說，「自谷歌實施安全密鑰以來，我們還沒有發現有賬戶被黑。」

"Users might be asked to authenticate using their security key for many different apps/reasons. It all depends on the sensitivity of the app and the risk of the user at that point in time."

「由於許多不同的軟體/原因，用戶可能會被要求使用他們的安全密鑰進行身份驗證。這完全取決於應用程序的敏感性以及用戶在那個時候的風險性。」

The idea, known as two-factor authentication, mean even if hackers know your password, they still cannot log in to your account unless they also hack or possess that second factor - usually your phone or USB key.

這種被稱為雙因素身份認證的想法意味著，即使黑客知道你的密碼，他們仍然無法登錄到你的賬戶，除非他們也侵入或擁有第二個因素——通常是你的手機或USB密鑰。

The most common forms of 2FA require the user to supplement a password with a one-time code sent to their mobile device via text message or an app.

雙因素身份認證最常見的形式是要求用戶通過簡訊或應用程序將一次性密碼發送到移動設備，以補上密碼。

The Security Key used by Google uses a form of multi-factor authentication known as Universal 2nd Factor (U2F), which allows the user to complete the login process simply by inserting the USB device and pressing a button on the device.

谷歌使用的安全密鑰使用一種稱為「通用第二個因素」的多因素身份驗證形式，用戶只需插入USB設備並在設備上按下按鈕即可完成登錄過程。

Sites including Dropbox, Facebook, Github, and Google"s services support the new devices, with more being added daily.

Dropbox、Facebook、Github和谷歌等網站都支持這款新設備，使用量每天都在增加。

Currently, U2F is supported by Chrome, Firefox, and Opera.

目前，Chrome、Firefox和Opera都支持U2F。

Microsoft says it expects to roll out updates to its flagship Edge browser to support U2F later this year.

微軟表示，預計將在今年晚些時候推出支持U2F的旗艦瀏覽器Edge更新。

Apple has not yet said when or if it will support the standard in its Safari browser.

蘋果尚未表示何時或是否會在Safari瀏覽器中支持這一設備。

For non employees Alphabet"s Google offers an "advanced protection program" to provide stronger email security for some users such as government officials, political activists and journalists who are at a higher risk of being targeted by sophisticated hackers.

Alphabet旗下的谷歌為非員工提供了一項「高級保護計劃」，為政府官員、政治活動人士和記者等一些用戶提供了更強的電子郵件安全保護，這些用戶更有可能成為老練的黑客攻擊的目標。

Google users will have the ability to opt in to security settings aimed at protecting Gmail, Google Drive and YouTube data from phishing attacks.

谷歌用戶將能夠選擇安全設置，以保護Gmail、谷歌驅動器和YouTube數據免受釣魚攻擊。

The advanced protection features include an option to require a physical USB security key to connect to a desktop computer before each log-in as a way to verify a user"s identity.

高級保護功能包括一個選項，在每次登錄前需要一個物理USB安全密鑰連接到桌面計算機，作為一種驗證用戶身份的方式。

Mobile log-ins will require a Bluetooth wireless device.

移動登錄將需要一個藍牙無線設備。

Advanced protection users will have their data walled off from access by any non-Google third-party applications, such as the Apple iOS mail client or Microsoft Outlook.

受高級保護的用戶數據不會被任何非谷歌的第三方應用程序訪問，比如蘋果iOS郵件客戶端或微軟Outlook。

The program also includes a more laborious and detailed account recovery process to prevent fraudulent access by hackers who try to gain access by pretending they have been locked out.

該計劃還包括一個更費力、更精細的賬戶恢復過程，以防止黑客通過假裝自己被鎖定來進行欺詐性訪問。

Although Google has previously supported the use of security keys for what is known as two-factor authentication, advanced protection users will have no backup log-in method available if they lose their keys other than the fuller account recovery process.

雖然谷歌以前支持對所謂的雙因素身份驗證使用安全密鑰，但是如果高級保護用戶丟失了除完整的帳戶恢復過程之外的密鑰，那麼他們將無法使用備份登錄方法。

The rollout of a suite of new email security services follows a U.S. presidential election last year shaped in part by the disclosure of emails belonging to associates of Democratic candidate Hillary Clinton that were obtained through phishing schemes.

一套新的電子郵件安全服務在去年美國總統大選後推出，部分原因是民主黨候選人希拉里?柯林頓助手的電子郵件通過網路釣魚被泄露。

U.S. intelligence agencies have concluded that those hacks, which included a breach of Clinton campaign manager John Podesta"s personal Gmail account, were carried out by Russia as part of a broader cyber campaign to help Donald Trump, a Republican, win the White House.

美國情報機構得出結論稱，這些黑客行為包括對希拉里競選團隊經理約翰?波德斯塔個人Gmail賬戶的攻擊，是俄羅斯為幫助共和黨人唐納德?特朗普贏得白宮而展開的更廣泛網路行動的一部分。

"If John Podesta had Advanced Protection last year, the world might be a very different place," said Joseph Lorenzo Hall, chief technologist at the Center for Democracy and Technology, who was briefed on the new features by Google.

民主與技術中心首席技術專家洛倫佐?霍爾簡要介紹了谷歌設備的新功能，「如果約翰?波德斯塔去年得到了先進的保護，世界可能會變得截然不同。」

Hall said the new features would increase the number of high-risk consumers with strong protections against phishing campaigns.

霍爾說，新的功能將使高風險消費者的數量越來越多，他們通過獲得強有力的保護以對抗網路釣魚活動。

But he noted that they may create compatibility issues among some who already integrate custom security tools with their Google products.

但他指出，在一些已經將自定義安全工具與谷歌產品集成的人當中，它們可能會造成兼容性問題。

Google created a web page, g.co/advancedprotection, to walk users through setting up advanced protection, including where to purchase USB and Bluetooth security keys on Amazon.

谷歌創建了一個網頁g.co/advancedprotection，可引導用戶設置高級保護，包括在亞馬遜上購買USB和藍牙安全密鑰。

微信關注「世界播」，天下大事盡在掌握！中英雙語呈現，還可以加強英語學習哦！這事你怎麼看？歡迎留言探討

喜歡這篇文章嗎？立刻分享出去讓更多人知道吧！