Google Titan Security Keys Availability Announced, $50 A Pop
Google employees from the CEO to staff level developers have no history of getting phished, socially engineered or data breached. Not because all of them are the superhuman genius that will never be scammed by naughty cybercriminals, far from it as Googlers are also human. The secret is the mandatory use of Titan Security Keys, the USB flash-drive looking device which prevents an attempted phishing event from becoming successful, through the principle of two-factor authentication.
The same Titan Security Keys are now publicly available for purchase, giving people the same corporate Google-level two-factor authentication at a reasonable price of $50 per device. The Titan Security Keys were originally produced and used by Googlers, but starting July it became accessible for public purchase. This can help secure Google services like Gmail, Youtube, and other Google web apps. Just like any Google hardware, they are offered for sale through the Google Play Store.
The $50 Titan Security Key has two variants, one version for wireless use (NFC or Bluetooth LE available) the other form factor is the standard USB-A/NFC, with an included USB-A to USB-C adapter for those new computers released without USB-A port. The wireless version has enough battery power to last half a year and rechargeable using the standard micro USB port. Aside from standard Google-owned services, the Titan Security Keys also supports Dropbox, OneDrive, Facebook, GitHub, Salesforce, and Twitter.
Christiaan Brand, Google’s Cloud Product Manager stated: “The secure element hardware chip that we use is designed to resist physical attacks aimed at extracting firmware and secret key material.” This is to help people understand that the keys can never be cloned nor bypassed through the analysis of the electronic mechanism or the motherboard built into the Titan Security Key’s internals.
Google expects enterprise-class support for the keys, even the Bluetooth version. This is a complete contradiction of what Yubico, the original manufacturer of the keys have said during the pre-production phase of the product: “Google’s offering includes a Bluetooth (BLE) capable key. While Yubico previously initiated development of a BLE security key and contributed to the BLE U2F standards work, we decided not to launch the product as it does not meet our standards for security, usability, and durability. BLE does not provide the security assurance levels of NFC and USB and requires batteries and pairing that offer a poor user experience.”
People who choose to use the keys are automatically enrolled to Google’s Advanced Protection Program, which brings the security parity of using the device similar to the Google employees using the same hardware.
Aside from Windows PCs, Android devices and MacOS the Titan Security Security Keys also support iOS devices and apps under the platform that follows the FIDO-protocols.
Google has opened a microsite containing FAQ (Frequently Asked Questions) for using the Titan Security Keys: https://support.google.com/accounts/answer/6103523.
The microsite also offers information on how to Add the Key to a user’s Google account, sign-in using the key and how to recover the account if the key is lost.
Kevin Jones951 Posts
Kevin Jones, Ph.D., is a research associate and a Cyber Security Author with experience in Penetration Testing, Vulnerability Assessments, Monitoring solutions, Surveillance and Offensive technologies etc. Currently, he is a freelance writer on latest security news and other happenings. He has authored numerous articles and exploits which can be found on popular sites like hackercombat.com and others.