In July, Google announced the Titan Security keys, which are built with a hardware chip to verify key integrity. They are now available for purchase from the Google store. The security key looks like a dongle and provides two-factor authentication, which is more secure than a username and password alone.
These Titan keys are based on the FIDO standards, which Google considers the strongest and most phishing-resistant two-factor authentication method. The security key was initially made available to Google Cloud users. Now it is available to the public.
Security keys are based on a standard public key cryptography protocol. The client first registers a public key with the online service. Then, for authentication, the online service asks the client to prove its ownership of the private key with a cryptographic signature.
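The register-then-sign flow described above, as an added illustration using Node.js's built-in crypto module (it is not code from Google or the FIDO specifications). The class names, the `accounts.example` origin, the single key pair and the message layout (challenge followed by origin) are assumptions made for the sketch; real FIDO messages carry more fields.

```javascript
const crypto = require('node:crypto');

// Stand-in for the hardware key: the private key never leaves this object.
class SecurityKey {
  constructor() {
    const pair = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
    this.publicKey = pair.publicKey;
    this._privateKey = pair.privateKey;
  }
  // Sign the service's challenge bound to the origin the client is really on.
  sign(challenge, origin) {
    const data = Buffer.concat([challenge, Buffer.from(origin)]);
    return crypto.sign('sha256', data, this._privateKey);
  }
}

// Stand-in for the online service (hypothetical, simplified).
class OnlineService {
  constructor(origin) {
    this.origin = origin;
    this.registered = new Map(); // user -> public key stored at registration
    this.pending = new Map();    // user -> outstanding challenge
  }
  register(user, publicKey) { this.registered.set(user, publicKey); }
  newChallenge(user) {
    const challenge = crypto.randomBytes(32); // fresh per login attempt
    this.pending.set(user, challenge);
    return challenge;
  }
  verify(user, signature) {
    const challenge = this.pending.get(user);
    const publicKey = this.registered.get(user);
    this.pending.delete(user); // a challenge is accepted at most once
    if (!challenge || !publicKey) return false;
    const expected = Buffer.concat([challenge, Buffer.from(this.origin)]);
    return crypto.verify('sha256', expected, publicKey, signature);
  }
}

function demo() {
  const key = new SecurityKey();
  const service = new OnlineService('https://accounts.example');
  service.register('alice', key.publicKey); // registration step

  const c1 = service.newChallenge('alice');
  const sig1 = key.sign(c1, 'https://accounts.example');
  const genuine = service.verify('alice', sig1);  // valid login
  const replayed = service.verify('alice', sig1); // same signature again
  // Constructed case: the client was on a different origin when it signed.
  const c2 = service.newChallenge('alice');
  const sig2 = key.sign(c2, 'https://accounts.example.test');
  const wrongOrigin = service.verify('alice', sig2);
  return { genuine, replayed, wrongOrigin };
}
```

Because the signature covers both a fresh challenge and the origin, a captured signature cannot be reused, and one produced on another site does not verify at the real service.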
Google jointly contributed the two-factor authentication technical specifications to the FIDO Alliance and launched support for Gmail in 2014. The company has been working with Yubico and NXP to develop security keys internally since 2012. In a Google Cloud Blog post, Christiaan Brand, Product Manager, Google Cloud, stated, “At Google, we have had no reported or confirmed account takeovers due to password phishing since we began requiring security keys as a second factor for our employees.”
Google has engineered the firmware in the chips with security in mind. This firmware is permanently sealed in a secure hardware chip and is resilient to hardware attacks. Therefore the security factor is sealed in the chip itself during manufacture.
FIDO has standardized the authentication protocol used between the client and server. This protocol is being implemented in popular operating systems like Android and Chrome, and also in the Chrome browser. The security keys can be used to authenticate to services like Google, Dropbox, Facebook, GitHub, Salesforce, Stripe, and Twitter.
If you have important information in your accounts or would like stronger security as an individual or for your organization, the Google Titan key is a good option. It is available for $50 in the Google store (US only for now) and includes a Bluetooth and a USB key with the required connectors. For more details, visit the Google Cloud Blog.