Google's $50 Titan Security Keys for consumer accounts now available in U.S.
Google has started to sell its Titan Security Keys to the public in the United States, expanding the availability of the Google-produced hardware tokens from just its cloud customers to anyone who wants to enhance the security of their Google account -- and they work on the Mac and iOS.
Originally developed as a FIDO security key for internal use before being sold to Google Cloud customers from July, the Titan Security Key's availability has been expanded to anyone who wants to add an extra physical security element to their account. At present, they are available to purchase through the Google Store for customers in the United States priced at $50, with availability in other markets expected soon.
The keys are a form of physical two-factor authentication, in a similar way to how an authenticator app or a text message to a designated smartphone is used. While SMS, code, or push notifications are useful, sophisticated attacks can potentially acquire this data and allow an attacker to reach the account.
Physical security keys, such as Titan Keys or those by Yubikey, are considered to be more secure than the software or information-based two-factor authentication systems. In the case of the Titan Keys, Google advises each includes firmware stored in a secure element hardware chip at the time of production, making it impossible to tamper with the firmware.
Since the keys are used to perform a long cryptographic handshake with the host rather than sharing a short and copyable code, this also makes the use of such keys much more secure.
After supplying the Titan Keys to its approximately 85,000 employees and requiring their use as a second security factor last year, Google claims not to have a single reported or confirmed instance of an account takeover from its staff caused through password phishing.
Consisting of USB and Bluetooth security keys, a USB-C to USB-A adapter, and a USB-C to USB-A cable, the kit is built to FIDO Alliance standards, with the same key able to be used to secure other supporting services, including Facebook, Twitter, and Dropbox.
Mac and iOS devices are supported, but in some cases macOS users may need to use a different browser than Safari to log in.
Originally developed as a FIDO security key for internal use before being sold to Google Cloud customers from July, the Titan Security Key's availability has been expanded to anyone who wants to add an extra physical security element to their account. At present, they are available to purchase through the Google Store for customers in the United States priced at $50, with availability in other markets expected soon.
The keys are a form of physical two-factor authentication, in a similar way to how an authenticator app or a text message to a designated smartphone is used. While SMS, code, or push notifications are useful, sophisticated attacks can potentially acquire this data and allow an attacker to reach the account.
Physical security keys, such as Titan Keys or those by Yubikey, are considered to be more secure than the software or information-based two-factor authentication systems. In the case of the Titan Keys, Google advises each includes firmware stored in a secure element hardware chip at the time of production, making it impossible to tamper with the firmware.
Since the keys are used to perform a long cryptographic handshake with the host rather than sharing a short and copyable code, this also makes the use of such keys much more secure.
After supplying the Titan Keys to its approximately 85,000 employees and requiring their use as a second security factor last year, Google claims not to have a single reported or confirmed instance of an account takeover from its staff caused through password phishing.
Consisting of USB and Bluetooth security keys, a USB-C to USB-A adapter, and a USB-C to USB-A cable, the kit is built to FIDO Alliance standards, with the same key able to be used to secure other supporting services, including Facebook, Twitter, and Dropbox.
Mac and iOS devices are supported, but in some cases macOS users may need to use a different browser than Safari to log in.
Comments
It doesn't log anything, nor does it do anything other than authenticate your user credentials. Far more secure than passwords. Instead of the two-factor authentication you might be using now which generally requires a password and entering a texted security code which bad actors might see/use, this is a much stronger hardware-based solution. No physical key, no account access.
This explains it better than I can:
https://www.yubico.com/solutions/fido-u2f/
Surely you're capable of doing a little research on your own. Do you really need spoon-feeding? I doubt it.
And just so im clear: the company that has been revealed to be secretly invading my privacy in spite of my privacy settings is trying to sell me a device for $50 that helps ensure my data remains private.
As an aside, Google doesn't sell user data. That data is their competitive advantage. They sell the ability to target ads based on interests, not the ability to see users' interests. They collect data.
It isn't to ensure your data remains private, it is to ensure nobody else can impersonate you using your account. One side-effect of account compromise is the attacker can access all the data your account can, but the place holding your data can already do that.
You can use the hardware key with nearly any browser and/or mobile device, and with several major websites beyond Google including Dropbox, Facebook, Twitter, Salesforce, etc.