Phising is a social engineering method that aims to trick users into giving their passwords. This can normally be mitigated with things called “brain” and “paying attention”, but since we are all humans mistakes may happen on a bad day.
Even Google employees who should be tech savvy fell for the tricks from time-to-time, so Google made employees use 2-factor authentication with a hardware security key since January 2017, and none of Google workers failed for a phising attack since then.
CNET was provided with a sample of Google’s “Titan Security Key”, which comes in both USB and Bluetooth/NFC versions, and will be available for sale in Google’s online store within the next few months.
The full technical details have not been provided for the key, but we do know Titan Security Keys support FIDO protocol, and are built with a secure element and a firmware written by Google that verifies the integrity of security keys at the hardware level.
The keys are said to be compatible with Chrome browser, and beside Google’s website, it also work on GitHub, Facebook, Dropbox, and several other websites. FIDO Universal 2nd Factor (U2F) devices are also supported in Firefox and Edge, so I’d assume Google key may still work with those browsers too. Windows 10 and Linux distributions are also listed as supporting this type of devices. Hardware security keys like Yubikey NEO have been around for a while, but their use has not really taken off among users.
The Titan security key will cost $20 to $25 each, but you’ll also be able to purchase a bundke with both the USB and Bluetooth versions for $50, which does not make any sense, unless at least 3 keys are provided in the bundle.
Via XDA Developers