Google Titan Security Key Prevents Phishing Attacks

Phising is a social engineering method that aims to trick users into giving their passwords. This can normally be mitigated with things called “brain” and “paying attention”, but since we are all humans mistakes may happen on a bad day.

Even Google employees who should be tech savvy fell for the tricks from time-to-time, so Google made employees use 2-factor authentication with a  hardware security key since January 2017, and none of Google workers failed for a phising attack since then.

CNET was provided with a sample of Google’s “Titan Security Key”, which comes in both USB and Bluetooth/NFC versions, and will be available for sale in Google’s online store within the next few months.

Google Titan Security Key
Bluetooth (left) and USB (right) versions of Google Titan Security Key

The full technical details have not been provided for the key, but we do know Titan Security Keys support FIDO protocol, and are built with a secure element and a firmware written by Google that verifies the integrity of security keys at the hardware level.

The keys are said to be compatible with Chrome browser, and beside Google’s website, it also work on GitHub, Facebook, Dropbox, and several other websites. FIDO Universal 2nd Factor (U2F) devices  are also supported in Firefox and Edge, so I’d assume Google key may still work with those browsers too. Windows 10 and Linux distributions are also listed as supporting this type of devices. Hardware security keys like Yubikey NEO have been around for a while, but their use has not really taken off among users.

The Titan security key will cost $20 to $25 each, but you’ll also be able to purchase a bundke with both the USB and Bluetooth versions for $50, which does not make any sense, unless at least 3 keys are provided in the bundle.

Via XDA Developers

Support CNX Software - Donate via PayPal or become a Patron on Patreon

6
Leave a Reply

avatar
4 Comment threads
2 Thread replies
0 Followers
 
Most reacted comment
Hottest comment thread
6 Comment authors
theguyukTired8281MagicMonkeyAnonymous Recent comment authors
  Subscribe  
newest oldest most voted
Notify of
John S
Guest
John S

Looks like the same design as Feitan ePass and MultiPass keys, I wonder if they manufacture these (or if it’s even the same hardware just with different firmware). Feitan’s hardware is availble in both USB+NFC and USB+NFC+BLE variants in those same two cases. The Feitan-branded U2F keys are $17 and $25 on amazon, though they were something like $8 and $16 in the past with a long running automatic coupon. Maybe it was an introductory offer.

I’ve never been able to get BLE U2F to work, personally.

MagicMonkey
Guest
MagicMonkey

Some news articles on the internet state that software is written by Google.

Looking at Feitan website it looks like you could order your-company-branded versions of their products.

I love FIDO2 with fingerprint reader dongle with USB-C on their website, but sadly you cannot buy that.

Anonymous
Guest
Anonymous

These appear to be rebadged Feitian products.

https://www.ftsafe.com/products/FIDO

Tired8281
Guest
Tired8281

I have the original version of the Bluetooth/NFC/USB key (branded Feitian), and it’s actually really awesome. If a device has NFC, I can just tap it. If it’s a device with Bluetooth that I use a lot, I can pair it and use it wirelessly. For everything else, it has microUSB (for which I always carry a cable in my pocket to charge my phone). It seems to never run out of battery…I’ve never charged it, I actually think it gets enough charge just from the few times I connect it via USB to use it. If this Google version is the same, it’s worth getting.

theguyuk
Guest
theguyuk