Home United States USA — software Google Titan Security Key Kit Now on Sale for $50

Google Titan Security Key Kit Now on Sale for $50

240
0
SHARE

Google’s physical Titan security keys, available now on the Google Store, can help you protect your Google, Facebook, or Dropbox accounts from sophisticated phishing attacks.
Starting today, Google’s Titan Security Keys are now on sale via the Google Store for $50. The kit provides buyers with two security keys, one of which can act as a backup, in case you lose the other.
Titan Security Keys look and function like any other security keys on the market, so don’t expect anything game-changing. But Google’s keys can help you protect your Google, Facebook, or Dropbox accounts from sophisticated phishing attacks.
Unfortunately, most people are still protecting their accounts with a mere password, which can make them all too easy to crack. A hacker can simply guess the login credentials or craft an email to try and trick you into giving up the details.
To prevent account takeovers, the tech industry is pushing two-factor authentication (2FA). This forces a user to log in with both a password and another piece of information, usually a one-time passcode generated on a smartphone. The biggest internet services all offer 2FA as a free solution to help protect online accounts, but this setup isn’t completely hack-proof either.
In rare cases, a persistent attacker can actually defeat two-factor authentication, said Christiaan Brand, Google Cloud product manager.
Cybercriminals can access the one-time 2FA passcode sent to your phone through what’s called  » SIM swapping, » in which they impersonate the victim and dupe a cellular provider into giving up access to the person’s mobile phone account. Or they can spoof an email from Google and convince victims to log into a Gmail page that’s actually under the control of a hacker.
Brand said two-factor authentication certainly makes it much harder for bad actors to break into your account. However, one-time passcodes generated over your phone can still be phished, in large part because passwords and special codes are all digital, making them easy to send and replicate.
That’s why Google has been investing in security key technology; it introduces a physical element into the equation. Hackers based miles away in another city or country may be able to guess your password, but without the actual security key, they still won’t be able to break into the account.
The technology also works against phishing attacks that trick you into visiting phony websites under the control of the hacker. The security key will only begin the authentication process on the real website, not on dummy web pages that appear legit to the human eye.
Starting last year, Google has been giving physical security keys to all company employees, and since then, the company has reported no confirmed takeovers of work-related accounts.
Using a security key involves registering the device with the online account you want to protect. Services including Google, Facebook, Dropbox, Twitter, and Github all support the technology, which you can activate in account settings, usually under the security section. (Here’s a guide on using a security key with Google’s Advanced Protection Program, its highest account security system.)
Upon activation, you’ll be asked to connect the key to your computer. Once the registration process is completed your account will now be tied to the security key.
You’ll also notice that services such as Google, Facebook, and Dropbox allow you to register more than one key, or de-list any of them. This is available in the event you lose a key and need to use a backup.
Although Google’s Titan kit includes two security keys, both are designed differently. The first key can be easily socketed into a laptop’s USB port. In addition, it also has an NFC chip so that it can work over an Android smartphone.
The other key is specifically designed to communicate over both USB and Bluetooth. This is important for mobile devices including the iPhone and iPad, which currently lack the robust NFC support usually found on Android phones. That said, the NFC chip in the Titan keys don’t work on Android phones right now, according to Google, though it should be up and running later this year.
PCMag tried the Titan keys and found them to be generally easy to set up, but no different from other products on the market. Google’s product also uses the FIDO authentication protocol, which other tech giants and security key makers have all adopted. So if you already own a security key, you’re not missing out with Google’s take on the technology.
People unfamiliar with security keys will have some questions. For instance, do I have to keep logging into my account with the key? The answer is no, you don’t. The key is generally only needed for first-time logins from a new device. So feel free to travel without it.
But what if I lose a key? Well, don’t panic.
« If you lose a key or drop it in the street, that key doesn’t have any identifying information on you, » said Sam Srinivas, a Google product management director. The company’s Titan security keys have also been designed with hardware to resist attacks that can extract the cryptographic information inside. To protect yourself, you should simply de-list the lost key from your online accounts.
During our short test of the Titan keys, PCMag found that it may take a few tries to set them up with your online accounts. For whatever reason, our laptop and iPad didn’t always read the initial authentication request from the devices when connecting over USB and Bluetooth. So it may take some patience.
The Bluetooth version of the key is also encased in a hard plastic that may not survive the toughest drops. It also uses a battery that lasts for six months. The good news is that you can recharge it via a micro-USB port.
For now, Google is only selling the Titan security keys in its online store in the US as a pair, but it plans to make them available to other markets soon. Enterprise customers who use Google Cloud can purchase individual keys.

Continue reading...