Google starts selling $50 ‘Titan’ USB security keys

Google has started selling its own USB security keys in a bid to stop customer’s accounts being hacked.

The Titan Security Key, which comes with both USB and Bluetooth versions, is on sale now for $50 from Google’s online store. 

The USB security key works with desktop machines, and the Bluetooth version with mobile devices, and the pack also comes with a USB-C to USB-A adapter and a USB-C to USB-A connecting cable.

 

The Titan Security Key, which comes with both USB and Bluetooth versions, is on sale now for $50 from Google’s online store. 

‘We’re very sure of the quality of the security,’ Christiaan Brand, a Google product manager for identity and security, said.  

‘We’re very sure of how we store secrets and how hard it would be for an attacker to come in and blow the security up.’

The Titan should work on any device with a USB port or a Bluetooth connection. 

‘Titan Security Keys have extra ‘special sauce’ from Google—firmware that’s embedded in a hardware chip within the key that helps to verify that the key hasn’t been tampered with,’ the firm says.

It comes a day after Google said it has managed to completely stop its employee’s account being hacked by requiring them to use physical security keys.

In 2017, the tech giant began giving out physical security keys to all 85,000 employees, according to KrebsOnSecurity.

Security Keys are inexpensive USB-based devices often costing less that $20, which require the user to log in to a Web site using something they know (the password) and something they have (e.g., a mobile device or USB key). 

And since then, no employees have reported any confirmed takeovers of work-related accounts, Google said. 

Google’s advanced protection features include an option to require a physical USB security key to connect to a desktop computer before each log-in as a way to verify a user’s identity.

Researchers say protecting your account with a password often isn’t enough, and tech firms have developed new methods, often needing a mobile phone or a hardware key, such as the Security Key system used by Google.   

A Google spokesperson said Security Keys now form the basis of all account access at Google.

‘We have had no reported or confirmed account takeovers since implementing security keys at Google,’ the spokesperson said. 

‘Users might be asked to authenticate using their security key for many different apps/reasons. It all depends on the sensitivity of the app and the risk of the user at that point in time.’

HOW DO I USE GOOGLE’S ADVANCED PROTECTION SYSTEM?

The advanced protection features include an option to require a physical USB security key to connect to a desktop computer before each log-in as a way to verify a user’s identity. 

Mobile log-ins will require a Bluetooth wireless device.

Two Security Keys are required to enroll so that you’ll have a backup key in case you lose your main key.

 A wireless-enabled key that can connect to both your computer and mobile devices should act as your main key, Google says.

Advanced protection users will have their data walled off from access by any non-Google third-party applications, such as the Apple iOS mail client or Microsoft Outlook.

The program also includes a more laborious and detailed account recovery process to prevent fraudulent access by hackers who try to gain access by pretending they have been locked out.

Google created a web page to walk users through setting up advanced protection, including where to purchase USB and Bluetooth security keys on Amazon.

The idea, known as two-factor authentication, mean even if hackers know your password, they still cannot log in to your account unless they also hack or possess that second factor – usually your phone or USB key.

The most common forms of 2FA require the user to supplement a password with a one-time code sent to their mobile device via text message or an app.  

The Security Key used by Google uses a form of multi-factor authentication known as Universal 2nd Factor (U2F), which allows the user to complete the login process simply by inserting the USB device and pressing a button on the device.

Sites including Dropbox, Facebook, Github, and Google’s services support the new devices, with more being added daily.

Currently, U2F is supported by Chrome, Firefox, and Opera.

Microsoft says it expects to roll out updates to its flagship Edge browser to support U2F later this year.  

Apple has not yet said when or if it will support the standard in its Safari browser. 

For non employees Alphabet’s Google offers an ‘advanced protection program’ to provide stronger email security for some users such as government officials, political activists and journalists who are at a higher risk of being targeted by sophisticated hackers.

The $20 Yubikey that can be used on a desktop computer

The $20 Yubikey that can be used on a desktop computer

Google users will have the ability to opt in to security settings aimed at protecting Gmail, Google Drive and YouTube data from phishing attacks.

The advanced protection features include an option to require a physical USB security key to connect to a desktop computer before each log-in as a way to verify a user’s identity. 

Mobile log-ins will require a Bluetooth wireless device.

Advanced protection users will have their data walled off from access by any non-Google third-party applications, such as the Apple iOS mail client or Microsoft Outlook.

The program also includes a more laborious and detailed account recovery process to prevent fraudulent access by hackers who try to gain access by pretending they have been locked out.

Although Google has previously supported the use of security keys for what is known as two-factor authentication, advanced protection users will have no backup log-in method available if they lose their keys other than the fuller account recovery process.

The rollout of a suite of new email security services follows a U.S. presidential election last year shaped in part by the disclosure of emails belonging to associates of Democratic candidate Hillary Clinton that were obtained through phishing schemes.

U.S. intelligence agencies have concluded that those hacks, which included a breach of Clinton campaign manager John Podesta’s personal Gmail account, were carried out by Russia as part of a broader cyber campaign to help Donald Trump, a Republican, win the White House.

‘If John Podesta had Advanced Protection last year, the world might be a very different place,’ said Joseph Lorenzo Hall, chief technologist at the Center for Democracy and Technology, who was briefed on the new features by Google.

Hall said the new features would increase the number of high-risk consumers with strong protections against phishing campaigns. 

But he noted that they may create compatibility issues among some who already integrate custom security tools with their Google products.

Google created a web page, g.co/advancedprotection, to walk users through setting up advanced protection, including where to purchase USB and Bluetooth security keys on Amazon.

Read more at DailyMail.co.uk