At Google Cloud Next ’18 convention in San Francisco, the company has introduced Titan Security Keys—a tiny USB device, similar to Yubico’s YubiKey, that offers hardware-based two-factor authentication for your online accounts with the highest level of protection against phishing attacks.
These hardware-based security keys are thought to be more efficient at preventing phishing, man-in-the-middle (MITM) and other types of account-takeover attacks than 2FA via SMS, as even if your credentials are compromised, account login is impossible without that physical key.
Earlier this week Google revealed that its 85,000 employees have been using physical security keys internally for months and since then none of them have fallen victim to phishing attacks.
Compared with the traditional authentication protocols (SMS messages), Universal 2nd Factor Authentication (U2F) is extremely difficult to compromise that aims to simplify, fasten and secure two-factor authentication process.
A physical security key adds an extra layer of authentication to an account on top of your password, and users can quickly log into their accounts securely just by inserting the USB security key and pressing a button.
Titan Security Keys is based on the FIDO (Fast IDentity Online) Alliance, U2F (universal 2nd factor) protocol and includes a secure element and a firmware developed by Google that verifies the integrity of security keys at the hardware level.
Titan Security Keys, available now to Google Cloud customers and will be available for anyone to purchase on the Google Store soon, are designed to authenticate logins over USB and Bluetooth.
Bluetooth based wireless keys can be connected to both, your computer and mobile devices.
Just like other U2F security keys, The Titan keys also work with many online services like Google, Dropbox, Facebook, Github, and supported by all major browsers including Chrome, Firefox, and Opera.
There’s no information about the Titan Security Key’s manufacturer, but Google plans to sell both USB- and Bluetooth-based models in a bundle for $50 or separately for around $25 each — possibly in the sub-$10 range in the future.
Moreover, the Titan Security Key won’t have anything to do with Google’s Titan-branded chip used to protect cloud-based servers.
“Titan Security Key gives you even more peace of mind that your accounts are protected, with assurance from Google of the integrity of the physical key,” Google says.