First announced last month at Google Cloud Next '18 convention, Titan Security Key is a tiny USB device—similar to Yubico's YubiKey—that offers hardware-based two-factor authentication (2FA) for online accounts with the highest level of protection against phishing attacks.
Google's Titan Security Key is now widely available in the United States, with a full kit available for $50, which includes:
- USB security key,
- Bluetooth security key,
- USB-C to USB-A adapter,
- USB-C to USB-A connecting cable.
What Is Google Titan Security Key?
Titan Security Keys is based on the FIDO (Fast IDentity Online) Alliance, U2F (universal 2nd factor) protocol and includes a secure element and a firmware developed by Google that verifies the integrity of security keys at the hardware level.
It adds an extra layer of authentication to an account on top of your password, and users can quickly log into their accounts securely just by inserting the USB security key and pressing a button.
🔐 Mastering API Security: Understanding Your True Attack Surface
Discover the untapped vulnerabilities in your API ecosystem and take proactive steps towards ironclad security. Join our insightful webinar!Join the Session
Titan Security Key is compatible with browsers including Google's Chrome and a number of popular online services like Gmail, Facebook, Twitter, and Dropbox.
"Titan Security Keys are also compatible with the Advanced Protection Program, Google's strongest security for users at high risk," Google Said.
"And Google Cloud admins can enable security key enforcement in G Suite, Cloud Identity, and Google Cloud Platform to ensure that users use security keys for their accounts."
How Does Titan Security Key Secure Online Accounts?
According to Google, the FIDO-compatible hardware-based security keys are thought to be more safe and efficient at preventing phishing, man-in-the-middle (MITM) and other types of account-takeover attacks than other 2FA methods requiring SMS, for example.
This is because even if an attacker manages to compromise your online account credentials, log into your account is impossible without the physical key.
Last month, Google said it started requiring its 85,000 employees to use Titan Security Keys internally for months last year, and the company said since then none of them had fallen victim to any phishing attack.
Google had already made the Titan Security Key available to its Cloud Security customers since July when the company first publicly announced the project.
How to Use Google Titan Security Keys?
To enable Titan Security Keys in your Google account, you need to first buy it from the Google Store.
- Sign in to your Google account and navigate to the 2-Step Verification page.
- Select "Add Security Key" and click Next.
- Now, insert your Titan Security Key and tap the gold disc.
- You'll be asked if Google can see the make and model of your security key. You can select Allow or Block. Allowing the company would make it able to help you in the future if it finds any issue with the type of key you use.
- Follow the instructions displayed on the screen to finish adding the Titan Security Key to your account.
- To help you sign in if your key is lost, add recovery info and backups.
Once you are done, next time when you sign in to your Google Account, your computer will detect that your account has a security key. Just connect your key to the USB port in your computer, and tap it, and you are good to go.
It should be noted that you will be asked for your security key or another second step any time you sign in from a new computer or device.
For any queries regarding the sign-up process, you can head on to the company's support page.
For now, Titan Security Key is only available to U.S. users, though the company says it will make the keys available in additional regions soon.