Google has now released its in-house security key for anyone that wants to buy one in the US. Called the ‘Google Titan’, the device provides an extra layer of security for any online accounts that support it by requiring you to possess the key alongside your passwords in order to access your accounts.
The release of the device followed the news that Google was able to all but eliminate the problem of phishing scams for its employees by using such security keys.
Related: Internet security guide
The ‘Titan Key’ works as a second form of authentication for your online accounts. You enter your password, and then either pair the Bluetooth dongle or plug in the USB key to prove that you are who you say you are. The Titan supports USB-A for the time being, but a USB-C dongle is in the works.
It effectively means that even if you’ve been a dummy and used the same password for all your online accounts (or you’ve just been incredibly unlucky and fallen pray to one of the numerous hacks that crop up every year) then someone won’t be able to get into your account, even if they have your username and password.
A common alternative to this physical form of two-factor authentication is a code you can receive by text, but even this can be insecure. For one thing, SMS is unencrypted, but equally a motivated scammer could trigger a code to be sent to you, before tricking you into entering that code into a malicious site.
The new key retailed for $50 (around £40), but UK pricing or availability is yet to be announced.
The least bad solution
Physical security keys aren’t perfect. You need to remember to keep them on you, and losing them has the potential to lock you out of your accounts if you don’t have a recovery process set up. These keys also aren’t equipped with any kind of biometric security, so technically someone could steal it from you and still log into your account.
But when Google enters a product category people tend to stand up and take notice. Google didn’t invent the Mesh Wi-Fi Network, but Google WiFi made them a lot more popular.
It will take a little time for the rest of the mobile ecosystem to catch up with the new security key. An early hands on review from TomsHardware points out that Facebook’s integration of the technology doesn’t appear to be working yet, and Twitter doesn’t support the use of physical security keys through either Safari or Chrome on mobile.
But, as the new web standard WebAuthn becomes more popular, these sort of kinks are likely to be ironed out as the ecosystem matures.
Then the only challenge will become making people care about this sort of security in the first place.
Do you use a security key? Let us know @TrustedReviews.