- Google’s Titan Security Key is now available for sale.
- It adds a second layer of security to your important logins. Even if an attacker had your username and password, they’d need your key to take over your account.
- The package includes two keys and adapters, and costs $50.
A new Google product, launched to the public on Wednesday, is worth considering for anyone who thinks they needs better protection for their personal data and files.
You can now buy the Titan Security Key from Google. It’s a little dongle that you plug into your computer or pair with your phone to help keep your accounts safe.
You may already have two-factor authentication turned on for some of your online accounts – meaning that when you log in with a username and password, you have to enter a second code, usually texted to you or delivered through an app.
The security keys replace the text-message part of that login process. Plug in the key, press a button, and you won’t need to enter a code. Experts find that it’s a safer way to do security, at least partially since it’s way easier for a remote hacker to hijack your phone number than it is for them to grab a physical dongle off your keychain.
There are a few different brands of security keys available, because there’s an official interoperability standard, called FIDO. Many companies uses YubiKey, for example, including Google. But Google’s new security key comes with some proprietary additions, including a hardware chip that Google says helps keep the key secure.
In the Titan package, you get two keys: One with USB, for logging into a laptop or desktop computer, and one with Bluetooth and Near Field Communications (NFC) support, to help secure your phone.
For iPhone users, you’ll have to download Google’s Smart Lock app for the security to work. There’s also a USB-C adapter, so you can still use it even if your laptop only has those ports, like Apple’s MacBook Pro.
It worked for Google
One of the most common ways that people get hacked is through spearphishing. Basically, attackers craft an email that looks just like something you’d normally be inclined to click, like a bill or an email telling you to change your password. If you put your username and password into that fake site, then the attacker has it, and will probably try to use it to take over your account.
For businesses, campaigns, newsrooms, and other groups who handle sensitive data, this can be a big problem. All it takes is one employee who gets fooled to cause a bad breach. Many of the emails leaked during the last presidential campaign were obtained starting with a phishing emails.
Google says it has successfully fought off phishers using security keys – a security key won’t work to log you in to a fake site.
None of Google’s 85,000 employees had their work accounts compromised since it started requiring security keys to log in, the company said.
“We have had no reported or confirmed account takeovers since implementing security keys at Google,” Google told Business Insider in July.
If it worked for Google, it will probably work for you.