Small security key connects via Bluetooth or USB, and is designed to bolster two-factor authentication efforts for consumers
Google first revealed its Titan Security Key to the world back in August 2018, but the device was only available on sale in the United States.
Now the key is available for sale to British users, costing £50 and available in two form factors: a key-shaped USB stick and a Bluetooth key fob.
The device is an evolution of what first appeared back in 2017, when Google revealed the existence of its Titan Security chip. This chip was the size of stud earring and was already installed on thousands of servers within Google data centres. It was designed to be predominantly a hardware protection device.
Titan Security Key
The physical key is designed to offer users increased security, by providing two-factor authentication (2FA), which is still one of the best ways to protect against credential stuffing.
Essentially it works by providing a set of physical hardware keys that can be used with a user’s digital accounts.
The two pieces of the Titan hardware set (the key-shaped USB stick and a Bluetooth key fob), both serve the same purpose. They are designed to act as physical authentication tokens that prove that a person is who they say when they are trying to login.
Traditional two-factor authentication has in the past used a SMS code sent to a mobile phone or app. The Titan Security Key basically removes the need for the code to be sent via SMS, and will work in areas where there is no mobile network coverage or Wi-Fi networks.
To setup the Titan key, users will need a Google account with two-factor authentication turned on.
There is an option in the two-factor authentication section to allow for a new hardware login device.
The user should then plug the key into a computer’s USB port. One press of the fob’s button, or a tap of its NFC chip if you’re setting up the USB key, and it will be linked to your Google account.
Once setup, the next time the user needs to access their Google account, they can press the button before entering their password. This removes the need for an SMS message to be sent to your device.
But this is not just a tool designed to work with Google accounts. It uses open source FIDO standards, and can therefore be used for two-factor approval on other websites such as Twitter, Dropbox, Facebook etc.
Google has been steadily ramping up its security credentials.
Earlier this week Google’s Project Zero team revealed six vulnerabilities in Apple’s iMessage client that could be used to carry out attacks on iOS devices, such as the iPhone, with no user interaction.
All six of the issues were patched in Apple’s iOS 12.4 release last week, but Google withheld the details of one of the bugs, saying Apple’s fix had not fully addressed the issue.
Do you know all about security? Try our quiz!