Google’s own Titan 2FA security keys arrive for $50 a pair

Google's Titan two-factor security keys
Google's Titan two-factor security keys


Google’s own two-factor authentication (2FA) physical security keys are now available to add an extra layer of protection against phishing attacks. 

Gmail users now have one more ultra-secure option to implement 2FA on their account, which until now has included the Google app or its Authenticator app, or for higher-risk users, hardware security keys from Yubico or Feitian. 

Now users can buy a set of Google’s Titan security keys for $50 on the Google Store. The bundle includes one Bluetooth key for wireless authentication that can be used with Android and iOS devices, as well as computers, while the other needs to be plugged into a USB port on a computer or Android device. NFC support is coming in the future, according to Google.

Google's keys only available in the US store currently but the company says it will be rolling it out to other regions soon.  

The main difference to existing key options are that they come with Google-built firmware that’s added to the keys’ hardware chip during production at the chip making factory, which happens prior to their delivery to the device manufacturer. 

The idea was to protect the firmware and secret cryptographic key material from attackers who get physical access to the keys. 

Google doesn’t guarantee this will prevent all attacks, but argues it making the keys “strongly resistant” to them, from production through to their use.

The Titan keys are also built to FIDO Alliance standards, meaning they can be used with online with services that support FIDO, like Twitter, Facebook and Dropbox, and they will also be compatible with major browsers, including Chrome, Firefox, Opera, and Edge via their support for the W3C’s WebAuthn or Web Authentication, the emerging standard for password-less sign-in. 

The Titan keys can also be used with Google’s recently launched locked down version of Gmail known as the Advanced Protection Program that caters to at-risk uses, such as journalists, politicians and business execs.

Google launched its own Titan key after rolling out hundreds of thousands of Yubico keys for its own staff and claims its staff haven't been successfully phished since. 

One of Yubico’s key criticisms of the Titan Bluetooth model was that Bluetooth requires batteries and that it didn’t meet some of its security standards. Google notes in a support page that the Bluetooth Titan key can still be used via USB if it isn't charged, however it adds that users should avoid fully draining the battery on the key and to “charge the battery often”.


Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
CSO WANTED
Have an opinion on security? Want to have your articles published on CSO? Please contact CSO Content Manager for our guidelines.

Tags GoogleFirefoxchrometwo factor authenticationYubicoFIDO AllianceMicrosoft Edge

More about AdvancedDropboxFacebookGoogleNFCTwitterW3CYubico

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Liam Tung

Latest Videos

More videos

Blog Posts

Market Place