Phishing, hacking and other online attacks have grown so sophisticated that it has become easy to manipulate two-factor authentication (2FA) methods. Websites that masquerade as legitimate login portals can steal 2FA keys. With almost half of all account breaches attributable to phishing and password theft, Google thought it was evident that typical second authentication factors weren’t doing their jobs. It then launched its own hardware security key, the Titan Security Key.
The Titan Security Key offers two-step verification that safeguards data on sites and services against phishing attacks. The hardware keys come in two variants: one with Bluetooth support and another with USB support. The Bluetooth key works with smartphones, while the USB key plugs directly into the USB port of the user’s computer.
Google’s Titan Security Key is built on the FIDO specification, a security standard. It can be used to secure not only the host of services offered by Google, which includes the Chrome web browser, Gmail, and G Suite, but also non-Google services.
The Titan security key requires a user to have a physical device, linked to their account, present at the time of login.
How the Titan security key works
As mentioned earlier, Titan security keys use the FIDO Universal Second Factor (U2F) protocol, which relies on public key cryptography.
When a Titan device is added to an account, it ties a public key to that account. During login, the Titan device supplies a cryptographic signature made with the matching private key, and the service verifies that signature against the stored public key.
Titan keys also protect against phishing attacks from fake login portals. When a user logs in to a fake portal, the key will know that it isn’t a legitimate website and will stop the login process immediately.
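The registration and login exchange described above, as an added example that is not code from Google or the FIDO specification: a simplified Node.js model of U2F origin binding. The `SecurityKey` class, the `verifyLogin` function and both origins are hypothetical, and the signed message omits the user-presence byte of the real protocol.

```javascript
// Added example: simplified model of U2F origin binding (not Google's or FIDO's code).
const crypto = require("crypto");

const sha256 = (s) => crypto.createHash("sha256").update(s).digest();

// Hypothetical stand-in for the hardware key: one key pair per registered site.
class SecurityKey {
  constructor() { this.slots = new Map(); this.counter = 0; }

  register(origin) {
    const { publicKey, privateKey } =
      crypto.generateKeyPairSync("ec", { namedCurve: "prime256v1" });
    const keyHandle = crypto.randomBytes(16).toString("hex");
    this.slots.set(keyHandle, { privateKey, appParam: sha256(origin) });
    return { keyHandle, publicKey }; // only the public half leaves the key
  }

  // `origin` is supplied by the browser, not typed by the user or the page.
  sign(keyHandle, origin, challenge) {
    const slot = this.slots.get(keyHandle);
    if (!slot || !slot.appParam.equals(sha256(origin))) return null; // wrong site
    const clientData = JSON.stringify({ challenge, origin });
    const counter = Buffer.alloc(4);
    counter.writeUInt32BE(++this.counter);
    const signed = Buffer.concat([slot.appParam, counter, sha256(clientData)]);
    return { clientData, counter, signature: crypto.sign("sha256", signed, slot.privateKey) };
  }
}

// Server side: verify with the public key stored at registration.
function verifyLogin(account, expectedOrigin, challenge, response) {
  if (!response) return false;
  const cd = JSON.parse(response.clientData);
  if (cd.origin !== expectedOrigin || cd.challenge !== challenge) return false;
  const signed = Buffer.concat(
    [sha256(expectedOrigin), response.counter, sha256(response.clientData)]);
  return crypto.verify("sha256", signed, account.publicKey, response.signature);
}

// Constructed demo values: both origins are made up for illustration.
function demo() {
  const REAL = "https://accounts.example.com", FAKE = "https://accounts.example.net";
  const key = new SecurityKey();
  const account = key.register(REAL);
  const challenge = crypto.randomBytes(16).toString("hex");
  const genuine = verifyLogin(account, REAL, challenge, key.sign(account.keyHandle, REAL, challenge));
  const phished = verifyLogin(account, REAL, challenge, key.sign(account.keyHandle, FAKE, challenge));
  return { genuine, phished };
}
```

Because the server also checks the challenge inside the signed client data, a response captured from one login does not verify against a later challenge.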
The Titan Security keys contain no personally identifying information, and according to Google, “don’t know who their owner is.” If a key is found, it’s useless to the person who picked it up, unless they know the owner’s account names and passwords.
How to use a Titan security key
Both the USB key, which plugs in to a computer, and the low-energy Bluetooth key are incredibly easy to use. To add one, log in to your Google account’s 2FA page, select the option to add a security key, and follow the onscreen prompts.
Android users need to log in to an existing or new device by opening the Settings app, logging in on the Account page, and then following the options to use the Bluetooth-enabled key to sign in wirelessly.
iOS users need to download the Google Smart Lock app to enable the Titan Bluetooth key on their devices. After the app is installed, follow the prompts to log in using your Titan key.
Once you’ve verified your identity on a particular device, you won’t have to log in with your Titan key again–it’s only necessary on new devices or browsers.
Whether Titan security keys will truly change the 2FA game remains to be seen. With the new product, users will be able to take advantage of Google’s Advanced Protection Program, which safeguards users’ personal accounts with a series of protective measures: requiring a physical security key, limiting access to users’ emails and Drive to Google apps and select third-party apps, and adding extra steps to verify a user’s identity during the account recovery process.