02 Sep 2018

Google has made its Titan Security Key available on its store for $50. Titan Security Key is a small USB device which is similar to Yubico’s YubiKey and offers hardware-based two-factor authentication (2FA) for online accounts provding highest level of protection against phishing attacks.

The full kit of Titan Security Key is now available in the United States for $50 and it includes USB security key, Bluetooth security key, USB-C to USB-A adapter and USB-C to USB-A connecting cable.

The kit provides buyers with two security keys, one of which can act as a backup, in case you lose the other. Although the kit includes two security keys, both are designed differently. The first key can be easily inserted into a laptop’s USB port. In addition, it also has an NFC chip so that it can work over an Android smartphone.

The second key is designed to communicate over both USB and Bluetooth. This is important for mobile devices including the iPhone and iPad, which currently lack the NFC support usually found on Android phones.

Titan Security Keys is based on the FIDO (Fast IDentity Online) Alliance, U2F (universal 2nd factor) protocol and includes a secure element and a firmware developed by Google that verifies the integrity of security keys at the hardware level.

It provides an additional layer of authentication to your account besides your password, and you can easily log into your accounts securely just by inserting the USB security key and pressing a button.

Titan Security Key is compatible with almost all browsers and numerous popular online services like Gmail, Facebook, Twitter, and Dropbox.

Google says that Titan Security Keys are also compatible with the Advanced Protection Program which is Google’s strongest security for users at high risk. The Google Cloud admins can enable security key enforcement in G Suite, Cloud Identity, and Google Cloud Platform to ensure that users use security keys for their accounts.

How Does Titan Security Key Secure Online Accounts?

Google believes that the FIDO-compatible hardware-based security keys are more safe and efficient at preventing phishing, man-in-the-middle (MITM) and other types of account-takeover attacks than other 2FA methods requiring SMS. The reason is that even if a hacker manages to get your online account credentials, it is impossible to log into your account without a physical key.

Last month, Google has reported that they have asked their 85,000 employees to use Titan Security Keys internally for months last year, and since then none of them had fallen victim to any phishing attack.

Initially Google had made the Titan Security Key available to its Cloud Security customers when they first publicly announced the project.

How to Use Google Titan Security Keys?

To enable Titan Security Keys in your Google account, you need to first buy it from the Google Store.

  • Sign in to your Google account and navigate to the 2-Step Verification page.
  • Select “Add Security Key” and click Next.
  • Then insert your Titan Security Key and tap the gold disc.
  • You’ll be asked if Google can see the make and model of your security key. You can select Allow or Block. By allowing the company they would be able to help you in the future if there is any issue with the type of key you use.
  • Follow the instructions displayed on the screen to finish adding the Titan Security Key to your account.
  • To help you sign in if your key is lost, add recovery info and backups.

Once these steps are done successfully the next time when you log into your Google Account, your system will detect that your account already has a security key. You then need to connect your key to the USB port in your computer, and tap it, and you are now logged in.

Note that you will be asked for the security key or another second step any time you sign in from a new computer or device.

As of now Titan Security Key is only available to U.S. users, though the company says it will make the keys available in other regions soon.

Technical Writer,  Blogger,

Leave your thought

This site uses Akismet to reduce spam. Learn how your comment data is processed.