Google recently claimed that it has not witnessed any “account takeovers” since it implemented security keys. Now the search giant is offering the same level of protection to anyone willing to part with $50 and buy its Titian Security Key.
What is the Titan Security Key?
On Thursday, Google launched the Titan Security Key, which is basically a two-factor authentication (2FA) token, to improve users’ security and make it harder for hackers to breach online accounts. The security key is based on standards set by the FIDO Alliance, which gives out specifications and certifications for other companies to follow to add an additional layer of security.
Google claims the firmware responsible for the token’s cryptographic operations has been developed with security in mind. During the production phase, the “firmware is sealed permanently into a secure element hardware chip” in the production factory, the search giant says.
“The secure element hardware chip that we use is designed to resist physical attacks aimed at extracting firmware and secret key material,” the company added.
Explaining the process further, the company says the secured chips are then sent to the manufacturing line to make the physical security key device. This means the core element of the Titan Security Key is put safely in the sealed chip in the initial stage of the manufacturing process.
The search giant made the Titan Security Key available to Google Cloud users last month. Now it can be purchased by anyone who feels they need a better tool to protect their online assets. Google’s Titan Security Key is now available for purchase in the Google Store. For $50, you will get a USB key, Bluetooth key and other connectors you might require.
Why do you need a security key?
We usually use a password to log in to all our online accounts, such as Gmail, Facebook, or Dropbox. However, using a password is not secure enough even if you use a different strong password for each site. The next level of security is two-factor authentication or 2FA, under which you use a one-time code sent to you via a message or email, in addition to the password. These codes can be intercepted, and thus, they can be used to hack your account.
The Titan Security Key, which can be seen as a master password for all your online accounts, is more secure because a hacker will need your password and the physical security key to get into your account. Google’s security key can protect you from phishing attacks, man-in-the-middle attacks and more. You will also need to enter your password for the site.
Setting up the key is also easy. You just need to go to Google’s two-factor authentication page and select the option to add a new security key. Next, plug the key into your system, and you are done. Whenever you need to access any account, either on your system or another, first you need to enter your password and then insert the USB key into the system and press the small gold button on it.
To access an online account on your mobile, the process remains the same, but instead of the USB key, you will use the Bluetooth key. With the security key, the only thing you have to be careful about is not to lose it because if you don’t have the keys, you can’t access your supported online accounts. The Bluetooth module also needs to be charged.
If you lose the security key, you can try to access your account from the system where you are still logged in. Otherwise, you will have to wait three to five days for Google to reset your password. It must be noted that currently, not all sites support security keys, but sites like Facebook and Dropbox do support them.
Is Google’s security key secure?
Google is not the only brand selling security keys; names like Yubikey and Feitian have been offering similar products already. However, Google believes its Titan Security Key is better than others on the market. Prior to launching its own security key, Google has been using “hundreds of thousands of FIDO U2F-enabled Yubico devices internally” for years.
Last month, when Google announced plans to launch its own security key, Yubikey criticized the search giant for supporting Bluetooth. Yubikey, a major developer of security keys, claims that supporting Bluetooth may risk users’ security if an attacker is within a short distance of the Bluetooth device.
Yubikey said that though it developed a Bluetooth key, it eventually decided not to launch it as it “does not provide the security assurance levels of NFC and USB, and requires batteries and pairing that offer a poor user experience.”