©2019 Security Unleashed | New Delhi

  • Animesh Gupta

Titan Security Keys –Google takes on Yubico with its own security key



At Google Cloud Next '18 convention in San Francisco, the company has introduced Titan Security Keys—a tiny USB device, similar to Yubico's YubiKey, that offers hardware-based two-factor authentication for your online accounts with the highest level of protection against phishing attacks.

These hardware-based security keys are thought to be more efficient at preventing phishing, man-in-the-middle (MITM) and other types of account-takeover attacks than 2FA via SMS, as even if your credentials are compromised, account login is impossible without that physical key.


Earlier this week Google revealed that its 85,000 employees have been using physical security keys internally for months and since then none of them have fallen victim to phishing attacks.


Compared with the traditional authentication protocols (SMS messages), Universal 2nd Factor Authentication (U2F) is extremely difficult to compromise that aims to simplify, fasten and secure two-factor authentication process.


A physical security key adds an extra layer of authentication to an account on top of your password, and users can quickly log into their accounts securely just by inserting the USB security key and pressing a button.


There will be two versions of Google’s key: a USB one that plugs into your computer, and a Bluetooth one that must be paired with a device before use, aimed at users of mobile devices. They will both meet the Fast IDentity Online (FIDO) authentication standard, making them compatible with a range of other sites beyond Google’s own.


Titan Security Keys, available now to Google Cloud customers and will be available for anyone to purchase on the Google Store soon, are designed to authenticate logins over USB and Bluetooth.


Just like other U2F security keys, The Titan keys also work with many online services like Google, Dropbox, Facebook, Github, and supported by all major browsers including Chrome, Firefox, and Opera.


For now, Google hasn't announced pricing for the Titan Security Key but is said to be around $20 or $30.


Google has gradually been tightening the security measures around account logins. In 2017, it replaced SMS codes with smartphone prompts as part of its two-step verification process, after the National Institute of Standards and Technology (NIST) deprecated SMS-based 2FA.


The Titan keys will compete directly with those produced by Yubico, which was also a participant in the Cloud Next conference. Yubico, which confirmed that it isn’t making the Titan keys for Google, said that it had considered a Bluetooth version but decided against it.


Coincidentally, the security of the Bluetooth protocol came under fire this week. A bug in the protocol potentially enables attackers who are in range of a Bluetooth communication to snoop on communications, although many vendors have already fixed the issue