Google Brings the Titan Security Key To More Countries

Google on Wednesday announced it's making its Titan Security Key available via the Google Store in multiple new countries: Canada, France, Japan and the United Kingdom. Google launched the second-factor security key last year, starting with availability in the US. From a report: Google touts the Titan Security Key as one of the best ways to protect Google Accounts from hacking and phishing, especially high-value accounts that are regularly probed and attacked. The key is used as part of Google's Advanced Protection Program. Based on FIDO open standards, the security key comes in both USB and Bluetooth varieties. Back in May, Google had to issue replacements for the Bluetooth keys due to a vulnerability in the pairing process.

Re:

[Dunbal]

Already rooted, by design. "Trust Google".

Re:

[Dunbal]

Can't go to jail if you're "cooperating" by passing the info to the NSA like a good little puppet.

Re:

[ctilsie242]

2FA is pretty simple and secure. The basics have been around since the 1980s and BSD supporting one time passwords via S/KEY, then OPIE.
Shared secrets, provided the endpoints are secure, are proven to be reliable.

What would be nice is to have more than just the authentication part via multi-factor. IBM's ZTIC is a good example of having critical bank transactions confirmed via out of band. These days, a ZTIC device could use a cellular connection, ensuring that any compromised PCs or Wi-Fi networks would

Still don't want one

[Sebby]

I don't know why anyone would trust a 'security key' made by the one of the world's worst privacy rapists.

Re:

[jellomizer]

This is by Google, not Facebook.

While Google Collects a lot of data, it tends to be far more responsible protecting privacy than other companies.

Re:

[Sebby]

This is by Google, not Facebook.

I fail to see any real distinction.

Facebook is a level 1 privacy rapist.
Google is a level 2 privacy rapist.

(Higher = worse). So Google is slightly better. A "slightly better" privacy rapist is still a privacy rapist.

Re:

[blindseer]

I don't know why anyone would trust a 'security key' made by the one of the world's worst privacy rapists.

Because they don't want the competition for your private data?

Re:

[Mark of the North]

I get what you are saying, but many of us work in organizations where Google is embedded anyway and some of our staff is susceptible to phishing attacks. This is certainly the case in my workplace.

Sure, I'd rather lock Google out too, but given that I can't, I'll take locking out the non-Google baddies as a win.

(When I have a choice, I just use Authy.)

Re:

[ISayWeOnlyToBePolite]

Because they are really good at keeping THEIR DATA safe.

Re:FIDO or FIDO2

[jellomizer]

Do you have to press esc twice before you can login?

Just looking

[Kernel Kurtz]

at Google Store in Canada here. Looks like I can buy a bundle with the USB and Bluetooth key for $65. I have no use for the Bluetooth model. If they separate them I might buy one, I've considered a Yubikey for $25 on Amazon. For now I'll just keep using the Google Authenticator app on my phone.

Re:

[BarbaraHudson]

$85 to keep my data "secure" - for some shitty value of secure when they will exploit it any way they can? If they don't want others to exploit people's data, let them give it away. There's no reason to pay a penny to give them exclusivity.

I found a free way to protect my data from Google and any free services I use - stopped using them. No gmail , no YouTube, no maps, no translate, no chrome. Easy way to save $85.

Re:

[Kernel Kurtz]

Well it does not really keep your data "secure", it's just an authentication protocol.

But for whatever service you have not stopped using, 2FA is still a good idea.

Re:

[ISayWeOnlyToBePolite]

There is an open source Fido dongle called SoloKeys https://solokeys.com/ [solokeys.com]
Disclaimer: I don't have one. I am not associated with the project in any way. At some point in my life I just bookmarked the page.

Too expensive

[Dorianny]

Security keys might catch on in the West if they cost ~$5, in the developing world they would have to cost $1 or less

Re:

[Areyoukiddingme]

Security keys might catch on in the West if they cost ~$5, in the developing world they would have to cost $1 or less

Yep. The $50 USD price is just too high. It's the same price as a Yubikey Nano while being much larger physically. You do get both a bluetooth and a USB key for that, but I have no use for the Bluetooth key so it's just e-waste to me. $5 is much more palatable. I'd go as high as $10 or $15 even. $50 sounds like some marketing wonks "optimization" to make people feel like they're getting something special.

Re:

[BarbaraHudson]

Everyone is waiting for Apple to "invent" it and sell them for $800 a piece.

Re:

[Kernel Kurtz]

My employer uses RSA SecurID fobs. The tokens and software are rather expensive, but they are good at what they do.

The key here (no pun intended) it to make it cheap enough for non-enterprise users to have two factor auth. This is another step along that path, that is all.

'Best practices'

[Rick Schumann]

The best way to protect your Google account(s) from hacking or phishing is to not have them in the first place. You also get the added benefit of not being spied on by Google.