What is the Google Titan Key?
Could this be the end of all phishing attacks?
Tuesday 7th August 2018
At Scanguard, we’re big fans of two factor authentication, and we think it’s a very sensible tool in the fight against phishing. If you don’t have 2FA set up yet, you can try it out on sites like Amazon, and even HMRC.
But Google’s just introduced a hardware device that goes one step further.
Its new Titan Key promises to protect users against phishing attacks by ensuring that every login is securely verified. The Key is like a small USB stick, and it works in a similar way to your bank’s security token, exchanging information with the site and allowing you to log in.
Secure Logins via USB or Bluetooth
Using the Titan Key, you can securely verify logins to sites hosted by Google as well as third parties with a press of the button on the key. So it can check that it’s really you when log into G Suite (formerly Google Apps), and it can also verify your identity when you access your Facebook account -- for example.
Google’s trialled this internally. In 2017, 85,000 employees used them, and there were zero account hacks.
On a basic level, the site you log into and the Titan Key have a key pair. If you try to log into a fake site using the Titan Key, the login won’t work, because the scammers won’t be able to create the code that the Titan Key needs to verify the login.
The Titan Key uses FIDO Universal 2nd Factor security, or U2F for short, and it works with mobile or desktop logins.
Google’s targeting the Titan Key key at IT workers, but there’s no reason why security-conscious personal users can’t have them. Although it can be a bit of a hassle to carry a USB device around, the plus side is that it prevents almost all phishing attacks -- so it’s an inconvenience worth considering.
Also, if you’re not a fan of typing in 2FA codes, or you prefer not to carry your phone around all the time, a hardware key is likely to be a more convenient solution. You still need a password, but the additional level of security is handled by the key, not the SMS code or authentication app.
Titan Key Pricing and Availability
The Google Titan Key is available as a Bluetooth or a USB device; you’ll need the Bluetooth one if you want to use it with your phone or tablet.
It isn’t the first device in its class; there’s also the YubiKey, which is already established (and gets rave reviews), and also the Feitian range of keys.
The Yubikey retails for around £40 in the UK. The Titan Key’s price isn’t decided, but rumours suggest that it’ll retail for $20-$50 in the USA, depending on the model. A UK price hasn’t been announced.
If you do decide to use a physical security key, remember: forget your key, or lose it, and you’re locked out of everything. If you’ve not tried 2FA yet, start there.
Award winning antivirus protection from Scanguard. Stay 100% safe from malware and online threats.