Google’s in-house security key is now available to anyone who wants one

https://ift.tt/2wr8HdM


Google’s Titan Security Key is finally available to anyone who wants one. The two-factor token went live today in the Google store, with a full kit available for $50, shipping immediately. The kits include a USB key, a Bluetooth key, and various connectors. The key has been available to Google Cloud customers since July, when the project was first publicly announced.

Built to the FIDO standard, the Titan keys work as a second factor for a number of services, including Facebook, Dropbox, and Github. But not surprisingly, they’re built particularly for Google account logins, particularly the Advanced Protection Program announced in October. Because the keys verify themselves with a complex handshake rather than a static code, they’re far more resistant to phishing attacks than a conventional confirmation code. The key was initially designed for internal Google use, and has been in active use within the company for more than eight months.

According to Google, the production process also makes the keys more resistant to supply chain attacks. “This firmware is sealed permanently into a secure element hardware chip at production time in the chip production factory,” Cloud product manager Christian Braand said in a post today. “The secure element hardware chip that we use is designed to resist physical attacks aimed at extracting firmware and secret key material.”

You can enable security keys in your Google account from the two-step verification page, or sign up for the Advanced Protection Program here.



from The Verge https://ift.tt/1jLudMg
via IFTTT