Google is a very smart company not only in terms of technology, but also in salesmanship. Earlier this week, the search giant announced that none of its 85,000 plus employees had been victims of phishing after it started using physical security keys. Now, the company has launched its own physical security key that anyone will be able to buy – Titan Security Key.
Google – a smart seller
Phishing attacks are a growing concern for businesses and individual users as well. Russian hackers used the same tool to hack the Democratic National Committee. Under phishing attacks, hackers try to trick the users into giving up their passwords. Such attacks are common during the busy tax season or disasters, where hackers try to move you to an impostor website for getting your password.
Google is very well aware of the fear that such phishing attacks have instilled among the users. So, to benefit from it along with providing added security to the users, it has come up with its own physical security key. Google first smartly tried to create a demand for it when a few days back it said that such keys had protected its employees from phishing attacks since last year.
“We have had no reported or confirmed account takeovers since implementing security keys at Google,” Google told KrebsOnSecurity.
Though mostly all are aware of the phishing attacks, not many know that security keys are better protection when compared to 2FA (two-factor authentication). Google’s announcement of protecting its employees from such attacks received massive publicity as it was covered by almost all media channels. This helped the search giant in creating a demand for such hardware, and then, the next logical step was to launch its own security key – Titan Security Key.
Phishing attacks – Google claims to have a cure
Security keys are usually small USB devices that a user can plug in to their systems. They replace 2FA methods, such as text messaging or authenticator apps. Physical security keys are considered more secure because they need a direct connection to function, and hackers will have to steal it from you personally to access the devices.
Google’s Titan Security Key is based on the same logic, but it will be available in two variants – a USB version for desktop or laptop platforms and possibly a Bluetooth-compatible version as well for mobile devices. CNET, which was able to test the device, notes that the security key can work up to six months without a battery change.
According to Google, the Titan Security Key has been developed by its engineers, and the company has been testing it internally since last year. Though the Titan key has the same name as Google’s security chip, it will be using a different set of chips, notes CNET.
“We’re very sure of the quality of the security,” Christiaan Brand – Google’s product manager for identity and security, told CNET. “We’re very sure of how we store secrets and how hard it would be for an attacker to come in and blow the security up.”
For now, the Titan Security Key is available only for Google Cloud customers. Also, there is no information from Google regarding pricing and availability. Currently, the only way to get your hands on the hardware is to click the “Contact Sales” button on Google’s security key web page. However, CNET notes that the device presently costs $20 and $25, but the search giant is hoping to lower the cost to about $10. Also, it is believed that the security key will be available for sale within the next few months in Google’s online store.
Titan Security Key – is it secure?
Yubico, which pioneered this technology, welcomed the new competition, but was also slightly critical of the Google product. Yubico boasts of many big clients, including Facebook. Even Google has been Yubico’s client.
In a blog post following Google’s announcement of the Titan Security Key, Yubico CEO Stina Ehrensvard said that they “are true supporters of open standards.” Further, Ehrensvard talked of Google’s Bluetooth (BLE) capable key, saying that though Yubico “initiated development of a BLE security key, and contributed to the BLE U2F standards work, we decided not to launch the product as it does not meet our standards for security, usability and durability.”
Ehrensvard added that BLE fails to provide the level of security guaranteed by NFC and USB. Also, BLE offers a poor user experience in terms of batteries. A Google spokesperson declined to comment on Ehrensvard’s claims on the BLE.