Google gets serious about security with its own ‘Titan’ key

Google has announced a new security key that's designed to keep your accounts safe online. Called the 'Titan Key', the hardware will be used to enable two-factor authentication, and will be available in both USB and Bluetooth variants.

Hot off the heels of Google announcing that it’s managed to all but eliminate the problem of phishing scams for its employees by using security keys, the company has unveiled a security key of its own that it plans to sell to consumers, Cnet reports.

Related: Internet security guide

The ‘Titan Key’ works as a second form of authentication for your online accounts. You enter your password, and then either pair the Bluetooth dongle or plug in the USB key to prove that you are who you say you are.

It effectively means that even if you’ve been a dummy and used the same password for all your online accounts (or you’ve just been incredibly unlucky and fallen pray to one of the numerous hacks that crop up every year) then someone won’t be able to get into your account, even if they have your username and password.

A common alternative to this physical form of two-factor authentication is a code you can receive by text, but even this can be insecure. For one thing, SMS is unencrypted, but equally a motivated scammer could trigger a code to be sent to you, before tricking you into entering that code into a malicious site.

The new key will sell for between $20-$25 (Google appears not to have picked a final price) and is available for Google Cloud customers to buy now. The Titan will go on general sale from the Google Store ‘soon’. A representative from Google was unable to confirm UK pricing or availability at this time.

The least bad solution

Physical security keys aren’t perfect. You need to remember to keep them on you, and losing them has the potential to lock you out of your accounts if you don’t have a recovery process set up. It might also be a challenge to get people to care, considering so many people still don’t obey standard practices like having different passwords for every online account.

But when Google enters a product category people tend to stand up and take notice. Google didn’t invent the Mesh Wi-Fi Network, but Google WiFi made them a lot more popular.

As the new web standard WebAuthn becomes more popular, security keys like this are going to become a lot more useful for accessing your online accounts.

One of the biggest issues with online security at the moment is how your phone number has inadvertently become a ‘master key’ for all your online accounts.

Even if you forget your password, even if you lock yourself out, then chances are you can regain access to most accounts using the phone number that’s associated with them.

But recently reports have emerged of people being able to ‘hijack’ people’s SIM cards, take control of their phone numbers, and use this to gain access to any accounts associated with them.

So while Google’s security key is a decent step in the right direction, the web still has a lot of problems it needs to solve in order to protect our security.

Do you use a security key? Let us know @TrustedReviews. 

Privacy Settings