At its Cloud Next summit, Google announced a new product that aims to make security stronger for its users. The new product called the Titan Security Key is now available to Cloud customers and scheduled for general sale in the coming months.
The Titan Security Key can be used to authenticate logins over Bluetooth and USB, but it includes a special firmware developed by Google to verify its authenticity. “Titan Security Key gives you even more peace of mind that your accounts are protected, with assurance from Google of the integrity of the physical key,” Google said in a post announcing the key.
Google says that the Titan Key is built to the FIDO specification, which is a long-planned authentication standard supported by a number of apps and browsers. Since it supports FIDO, the Titan security key can also be used to log into non-Google services, but they may not be able to take advantage of the same firmware verification that Google offers to its Cloud customers. The security key relies on multi-factor authentication and offers significantly stronger security than a confirmation code.
A confirmation code like the one sent as part of two-factor authentication can sometimes be stolen through a relay attack. Google says users hoping to take advantage of that protection should disallow non-security key login using Advanced Protection program. It is also advisable to keep a second key in protected storage in case you lose the primary key.
Watch: Apple iOS 12: Top features to know
During the Cloud Next conference, Google revealed that it has been testing the key internally for over a year. It is now making the key available outside the company. Google mandates its employees to login with a physical token for security reasons. It also revealed that 85,000 of its employees have not been exposed to phishing attacks in over a year since making security keys mandatory.