Gojek steps up GSuite security with YubiKey hardware-based authentication
Gojek is Southeast Asia ’ s leading on-demand , super app provider , connecting individuals with a wide range of services including transport , payments , food delivery , logistics , and much more . Founded in 2010 with the goal to provide solutions to Jakarta ’ s ever-present traffic problems , Gojek started as a call center with a fleet of only 20 motorcycle-taxi drivers .
With the principle of using technology to improve the lives of people , the Gojek app was launched in January 2015 to provide users in Indonesia with motorbike ride-sharing ( GoRide ), delivery ( GoSend ), and shopping ( GoMart ) services . Today , Gojek has transformed into a “ Super App ”. It is a one-stop platform with more than 20 services , connecting users with more than 2 million registered driver-partners , 400,000 GoFood merchants , and 60,000 GoLife service providers – with more than 130 million total downloads across the region . By providing their users with seamless access to products and services across multiple sectors , Gojek continues to improve efficiency and productivity for Indonesian citizens , as well as boost economic and financial inclusion .
With more than 5,000 internal employees , Gojek understood the necessity to secure company data , while also delivering a simple and friendly user experience . Traditional username and password-based logins aren ’ t secure enough in today ’ s world , and they ’ re also cumbersome for employees . Malware and phishing attacks compromise credentials daily , resulting in new reports of account takeovers every day .
As a GSuite-based infrastructure , Gojek chose to work with Yubico , the leading provider of hardware authentication security keys , to deploy YubiKeys for strong , one-touch authentication . One single YubiKey can secure a multitude of online services with no user information or private keys shared between the service providers . There is no reliance on or requirement for mobile connectivity , cellular devices , mobile apps or manual code entry .
Gojek is looking to replicate the massive success and results that Google has seen using security keys internally for their entire workforce . Based on Google ’ s two year study * to measure the business impact of hardware-based authentication , several benefits can be highlighted :
Heightened security : Internal accounts protected solely with a YubiKey and FIDO U2F have experienced a significant increase in the level of security with zero account takeovers .
Accelerated employee productivity : Employees saw a significant reduction — by nearly 50 percent — of the time to authenticate using a YubiKey compared with using a one-time password ( OTP ) via SMS . Logins were nearly four times faster when comparing the YubiKey to Google Authenticator . Time saved is primarily due to the unique , one-touch YubiKey authentication that executes in milliseconds .
Reduced support : Compared to using a phone for authentication , YubiKeys are easy to use , robust in design , waterproof and do not easily break . These attributes allowed Google to issue multiple YubiKey backups to each employee and still see cost savings . Support calls dropped , with a 92 % reduction in support incidents , saving thousands of hours per year in support costs .
Source https :// research . google / pubs / pub45409 /
U2F for USB 1 2
Enter name and password
Insert YubiKey and tap
“ With the YubiKey seamlessly integrated with GSuite , Gojek employees will be able to fortify their logins by turning on Google 2-Step Verification and self-registering their YubiKey with their accounts . Once registered , access to accounts can only be granted with physical access to their YubiKey and touch to the device , providing the highest level of security and protection when logging into GSuite .”
— George Do , Chief Information Security Officer , Gojek