A few days ago at the Next conference, Google made an announcement of a new product it designed which it calls Titan Security Key and it is at the moment available to customers of Cloud and it hopes that in the months to come, it will be available for sale. What this Key does is authenticate logins over Bluetooth and USB the same way Yubico and other providers like it do. A representative of Google told our sources that the Titan key also comes with a firmware that is developed by Google to verify its authenticity.
In a post the company said that, “Titan Security Key gives you even more peace of mind that your accounts are protected, with assurance from Google of the integrity of the physical key.”
There is a long-planned authentication benchmark supported by quite a number of apps and browsers called FIDO in which the Titan key is built into. And because of this, the device could be used to log into services that are not even owned by Google, only problem is that those services will not be able to use the firmware verification. Google accounts have supported security keys since 2014 and very much like the other keys before it, Titan provides a stronger security than a confirmation code that could easily be stolen via a relay attack.
Users who want to be able to use this protection should make sure that they do not permit the logins of non-security keys that are available through Google’s Advanced Protection program. Furthermore, it would be wise to have a second key and protect it just in case the primary key gets lost or stolen.
It has gone over a year since Google has been running some tests on this key internally, and only recently did the company decide to make it public. It is expected of employees at Google to log in with physical tokens for reasons of security and this procedure has worked over time. The tech giant announced that since the policy was implemented in the early part of 2017, not one account has been taken over successfully.