Defending against account takeovers with passkeys and DBSC
9 months ago
- #Google Workspace
- #Cybersecurity
- #Account Security
- Attackers are intensifying phishing and credential theft methods, driving 37% of successful intrusions.
- Cookie and authentication token theft has risen by 84% in 2024 compared to the previous year.
- Google Workspace introduces three security enhancements: passkey support, Device Bound Session Credentials (DBSC), and a shared signals framework (SSF) receiver.
- Passkeys offer phishing resistance, ease of use, and strong security, being 40% faster than passwords.
- DBSC enhances post-authentication protection by binding session cookies to the originating device.
- The Shared Signals Framework (SSF) enables real-time security signal exchange to detect and respond to threats.
- Google recommends enabling passkeys and DBSC to prevent account takeovers from phishing and infostealers.