One of the few hardware announcements at the software-heavy Cloud Next is the Titan Security Key. This method of two-factor authentication is particularly resistant to phishing, with Google deciding to offer its own solution for high-value users. Fortunately, anybody is able to purchase one and use with a free Google Account.
The Titan Security Key is like any other physical two-factor authentication device. In fact, it looks identical to one offered by Feitian (ePass Fido NFC) with some slight tweaks. Design-wise, it’s white — rather than black — with the word “Titan” engraved on the rear. Feitian already offers color customizations and printing/laser engraving with bulk purchases.
A gold button indents when clicked and features a flashing green light when plugged in. Up top is a hole where users can string through a keychain for portability. Going off Feitan’s specs, the key’s body is made of ABS and calcium carbonate through injecting molding, while the entire package is waterproof for ruggedness.
Titan Security Keys are aimed at high-value Cloud customers like top administrators. Google provides assurances for “the integrity of the physical key” thanks to custom firmware aimed at making “sure that the server can make out if someone’s trying to man in the middle you.”
The key aim to compliment the existing marketplace of 2FA vendors rather than replace it with Google over the years hearing from customers that wanted a first-party solution.
However, it’s also available for regular users of Gmail, Google Drive, and other free G Suite applications. This set-up involves heading to “My Account” and then “Sign-in & security.” On the “Signing in to Google” page, there is a “2-Step Verification” setting where you can “Add security key.”
The process is very simple with users walked through every, which mainly entails plugging in the key and tapping the button when prompted. All future sign-ins will default to the Security Key over any other method. However, a menu on the log-in screen will let users switch to other methods, like Google Prompt or SMS if your key is not accessible.
The first time you sign-in on a phone you’ll be asked to set up the key for that device with Bluetooth, NFC, or USB. We currently have the variant with the latter two connections, but Google will also be offering a fob without a port and just Bluetooth/NFC authentication. The current lack of a USB-C model is unfortunate, but the USB-A connector works with an adapter on both my laptop and phone.
At the end of the day, Google is bringing its brand to the 2FA market. Back in January, Google noted that less than 10% of account owners use any method of two-factor authentication. Google making its own key — and importantly selling it on the Google Store — will definitely spur more average, but still technically savvy, users to give two-factor authentication a try.
As a long-time user of the Google Prompt, I prefer using the Security Key that is now on my key ring. It’s not a major change to my habits, and I think that most people would not find it too significant a hassle to adopt day-to-day for all the security benefits it provides.