Google's New Titan Key Looks Super Secure - There’s Just One Problem

Ruben Fields
July 27, 2018

The low-power microcontroller was created to establish a hardware root of trust, meaning another layer of secure authentication.

"On the backend, all you have to do on the admin console is literally check a box that says 'use Titan Security Keys for this app, '" Sadowski said. This means that even if a hacker guessed your password, if they did not have the security key then they still wouldn't be able to access your account or computer.

Probably the most popular maker of Security Keys is Yubico, which sells a basic U2F key for $20 (it offers regular USB versions as well as those made for devices that require USB-C connections, such as Apple's newer Mac OS systems).

For the past two years, Google has given its employees Yubikeys despite the fact that it runs and maintains its own Google Authenticator app.

Two-factor authentication is everywhere these days, but not all methods are equally secure. The upcoming Titan Security Key will look to provide users with a almost unbreakable wall against such attacks, similar to the protection that Google employees have received.

Richarlison wants dreams to come true at Everton
Everton are set to announce the signing of Richarlison from Watford on a five-year deal, Press Association Sport understands. Everton have put their faith in me and I intend to honour this shirt and demonstrate on the pitch why I came here".

If implemented correctly, Mr. Podesta could have potentially prevented the breach using physical security keys since the hackers would have required more than just his password to access his account. Logging into an account with two-factor requires something you know (your password) and something you have (usually a single-use code).

Much like every other technology company, Google has a comprehensive range of products designed exclusively for enterprise use (that are not Android phones, weirdly) Today, the company unveiled their first ever 2FA security solution called the Titan Security Key. In response, the attacker attempts to log in to the real website, which sends an SMS code to the original user.

Security keys follow the Universal 2nd Factor (U2F) standard, which hasn't yet been super widely adopted across the internet. The impressive security stat is due to small USB security keys issued to all 85,000 of the company's employees. According to Google, it solved the phishing problem by giving everyone a hardware security dongle.

In October 2017, Google launched an advanced protection program for people who may have the highest risk of being phished, including journalists, business leaders, and activists, using YubiKey devices. If you're working with sensitive information on a regular basis, you should certainly consider it - regardless of whether you buy a Titan key from Google, one of Yubico's offerings, or an open-source alternative from Berlin-based Nitrokey.

Other reports by

Discuss This Article

FOLLOW OUR NEWSPAPER