2 min read
These Titan keys are based on the FIDO standards which Google considers as the strongest and most phishing resistant two factor authentication method. This security key was initially made available to Google Cloud users. Now it is available to the public.
How does the Google Titan key protect your account?
Security keys are based on a standard public key cryptography protocol. The client registers a public key with the online service initially and during the authentication. Then for authentication, the online service asks the client to prove its ownership of the private key with a cryptographic signature.
Google jointly contributed to the two factor authentication technical specifications to the FIDO Alliance and launched support for Gmail in 2014. The company has been working with Yubico and NXP to develop security keys internally from 2012. In a Google Cloud Blog post, Christiaan Brand, Product Manager, Google Cloud stated, “At Google, we have had not reported or confirmed account takeovers due to password phishing since we began requiring security keys as a second factor for our employees.”
Google has engineered the firmware in the chips with security in mind. This firmware is permanently sealed in a secure hardware chip and is resilient to hardware attacks. Therefore the security factor is sealed in the chip itself during manufacture.
FIDO has standardized the authentication protocol used between the client and server. This protocol is being implemented in popular operating systems like Android and Chrome and also the Chrome browser. The security keys can be used to authenticate services like Google, Dropbox, Facebook, GitHub, Salesforce, Stripe, and Twitter.
Do you need it?
If you have important information in your accounts or would like stronger security as an individual or for your organization, the Google Titan key is a good option. It is available for $50 in the Google store (only US for now) and includes a Bluetooth and USB key with the required connectors. For more details visit the Google Cloud Blog.