Passwords have historically been the gateway to accounts; however we’ve shown that some of the most common passwords and security questions are easy to guess, which leaves accounts potentially vulnerable to hijackers.
Keeping our users and partners secure is a top priority for us and we continue to work hard to help you keep the bad guys out. 2-Step Verification (2SV) is one of the best ways to protect your account from hackers. 2SV combines both ‘something you know’ (like a password) and ‘something you have’ (like your phone or security key). Think of it like withdrawing money from an ATM/cash machine, where you need both your PIN and your bank card.
Millions of businesses use our advertising service, Google AdWords to display their businesses in Search and improve their reach globally. As part of our commitment to our AdWords customers and to demonstrate how easy it is to adopt better security standards, we distributed 2SV security keys to 60 of our largest ad agencies across four countries (UK, Spain, USA, Mexico). The agencies found the keys to be a useful security feature and have implemented 2SV into everyday practices. Here’s the story of two UK ad agencies that piloted this program.
Jellyfish is a full service digital marketing agency with offices in the UK, US and South Africa, and with over 250 staff, Jellyfish prides itself on its dynamic approach—responding to clients’ needs in an ever-changing digital landscape. Ranked the number one digital agency in the UK by The Drum Digital Elite in 2015, Jellyfish boasts an influential client roster including: Nestle, Motors.co.uk, Gatwick Airport, National Geographic, Zipcar etc.
As an agency with paid search as its heritage, Jellyfish utilises Google AdWords to help clients run efficient campaigns and generate the maximum return on investment through search and display opportunities. With the bulk of its clients utilising AdWords accounts, Jellyfish wanted to establish good security practices. Richard Hartley, PPC Director at Jellyfish notes: “AdWords has been the most effective means of running campaigns for our clients. With so much data and personal information involved, we wanted to make the safety of these campaigns a priority.”
Jellyfish consulted with Google’s Trust & Safety team on the best way to protect their clients. Tariq Mohammed, PPC Manager at Jellyfish notes: “Security is always of utmost importance to ourselves and our clients. Any of our accounts being hacked could have a massively harmful effect on our clients, and hence it is something we take very seriously. Anything at all that we can do to help safeguard the security of our clients’ data and spend will be grasped by Jellyfish with both hands.”
Google provided 2SV via security keys, to all Jellyfish clients who were AdWords account holders. “Account hijackers are highly motivated and equipped. The best added protection for accounts is 2SV as it prevents unwanted, third party access,” says Zeyneb Temnenko, Accounts Analyst within Google’s Trust & Safety team. “Enabling 2SV will undoubtedly give Jellyfish the security needed to run clients’ campaigns safely without any concerns about unauthorised account access.”
The introduction of the security keys has had a real impact on the Jellyfish team. “Having already rolled the 2-step verification across every single one of our AdWords logins, we already knew the great benefits of using features like the Authenticator app. Having a physical key that we could link to multiple AdWords accounts, even in the case of us not having our phones, helps us run the account easier,” says Hartley. “The security key emphasises deeper security culture and because it’s a physical device, our staff members are always conscious of it,” added Mohammed.
Jellyfish has rolled out the security keys to all team members in the UK and South Africa, with plans to roll it out across the US office. “When winning new business, I’ve no doubt the keys show just how seriously we take security and therefore the careful management of their accounts and data – it sets us apart from other agencies in the market,” says Hartley.
Based in Regent’s Place, the thriving heart of London’s commercial sector, iProspect is a global digital marketing agency, driving digital performance for some of the world’s largest advertisers across over 50 markets. Its heritage lies in paid search, with 100% of its UK clients taking advantage of search and display opportunities through the Adwords platform.
With Google AdWords accounts playing such an important part in the organisation’s business, it was critical to ensure the security of the clients’ data and their campaigns. Scott Abbott, Head of of Global PPC notes: “The activity we run through AdWords—be it in Google Search, through YouTube, Google Display Network or in Gmail—is crucial to our clients’ business. With over 80 clients and over 900 AdWords accounts, it’s imperative that we take our clients’ data and security seriously. A maliciously compromised login has the potential to put our clients’ business and reputation at risk so security is a big priority for us.”
Google’s Trust & Safety team provided iProspect with security keys to enable 2SV to keep clients’ accounts safe. “2-step verification provides an extra layer of security to prevent unwanted third party access to an account. This in turn prevents the phishing of login credentials and access codes through lookalike sites,” says Google’s Zeyneb Temnenko. “By enabling 2SV, iProspect are securing their clients’ accounts and guaranteeing peace of mind with regards to the safety of their data.”
The introduction of 2SV has dramatically mitigated the risk of logins being compromised through malicious attack. Maeve Ayton, PPC Account Director notes: “Adding 2-step verification with the security keys has given us peace of mind that our Google accounts are secure. It has also increased our clients’ confidence that we are continuing to take every opportunity to protect their data. Another benefit is that one key can be used across multiple accounts ensuring all accounts a user requires access to remain as secure as possible.”
“Introduction of the security keys has been a valued initiative. Even though we anticipate a future with more sophisticated phishing attempts and aggressive tactics to compromise accounts, we are confident that together with Google, we are up to the task of ensuring the safety of our clients’ accounts,” says Abbott.