Phishing attacks are deceptively successful against less experienced users, but even those that consider themselves reasonably technical can occasionally fall prey to the simple approach. According to a recent report by Krebs on Security, Google and its employees aren’t among the 76% of businesses that have been victims of phishing attacks in the last year. In fact, not one of the company’s employees work accounts been successfully phished since 2017, thanks to hardware 2FA security keys. For the uninitiated, 2FA comes in more than software-based authenticator/SMS flavors. You can just as easily make “what you have” a separate hardware device. That also means socially engineered hacks which could intercept the (laughably insecure) SMS-based 2FA systems used by many companies would have no effect on someone using a hardware key.