Google Titan Security Key Prevents Phishing Attacks

Phising is a social engineering method that aims to trick users into giving their passwords. This can normally be mitigated with things called “brain” and “paying attention”, but since we are all humans mistakes may happen on a bad day.

Even Google employees who should be tech savvy fell for the tricks from time-to-time, so Google made employees use 2-factor authentication with a  hardware security key since January 2017, and none of Google workers failed for a phising attack since then.

CNET was provided with a sample of Google’s “Titan Security Key”, which comes in both USB and Bluetooth/NFC versions, and will be available for sale in Google’s online store within the next few months.

Google Titan Security Key
Bluetooth (left) and USB (right) versions of Google Titan Security Key

The full technical details have not been provided for the key, but we do know Titan Security Keys support FIDO protocol, and are built with a secure element and a firmware written by Google that verifies the integrity of security keys at the hardware level.

The keys are said to be compatible with Chrome browser, and beside Google’s website, it also work on GitHub, Facebook, Dropbox, and several other websites. FIDO Universal 2nd Factor (U2F) devices  are also supported in Firefox and Edge, so I’d assume Google key may still work with those browsers too. Windows 10 and Linux distributions are also listed as supporting this type of devices. Hardware security keys like Yubikey NEO have been around for a while, but their use has not really taken off among users.

The Titan security key will cost $20 to $25 each, but you’ll also be able to purchase a bundke with both the USB and Bluetooth versions for $50, which does not make any sense, unless at least 3 keys are provided in the bundle.

Via XDA Developers

Share this:
FacebookTwitterHacker NewsSlashdotRedditLinkedInPinterestFlipboardMeWeLineEmailShare

Support CNX Software! Donate via cryptocurrencies, become a Patron on Patreon, or purchase goods on Amazon or Aliexpress

ROCK 5 ITX RK3588 mini-ITX motherboard

6 Replies to “Google Titan Security Key Prevents Phishing Attacks”

  1. Looks like the same design as Feitan ePass and MultiPass keys, I wonder if they manufacture these (or if it’s even the same hardware just with different firmware). Feitan’s hardware is availble in both USB+NFC and USB+NFC+BLE variants in those same two cases. The Feitan-branded U2F keys are $17 and $25 on amazon, though they were something like $8 and $16 in the past with a long running automatic coupon. Maybe it was an introductory offer.

    I’ve never been able to get BLE U2F to work, personally.

    1. Some news articles on the internet state that software is written by Google.

      Looking at Feitan website it looks like you could order your-company-branded versions of their products.

      I love FIDO2 with fingerprint reader dongle with USB-C on their website, but sadly you cannot buy that.

  2. I have the original version of the Bluetooth/NFC/USB key (branded Feitian), and it’s actually really awesome. If a device has NFC, I can just tap it. If it’s a device with Bluetooth that I use a lot, I can pair it and use it wirelessly. For everything else, it has microUSB (for which I always carry a cable in my pocket to charge my phone). It seems to never run out of battery…I’ve never charged it, I actually think it gets enough charge just from the few times I connect it via USB to use it. If this Google version is the same, it’s worth getting.

    1. That one looks to be a copy-protection device, so that whatever software is installed on the computer can only be used with that key. So completely different.

Leave a Reply

Your email address will not be published. Required fields are marked *

Khadas VIM4 SBC
Khadas VIM4 SBC