Yesterday, Google shared a rather surprisingly statistic when it claimed that none of its 85,000 employees have had their work accounts compromised since early 2017. Those are some secure accounts, especially when you consider that they’re associated with one of the largest companies in the world and are therefore prime targets for phishing attacks. What was the secret? Google began requiring its employees to use hardware security keys for two-factor authentication.
Two-factor authentication is everywhere these days, but not all methods are equally secure. While SMS-based two-factor authentication is definitely better than just securing your account with a password and hoping for the best, that method does have its vulnerabilites. Physical keys, on the other hand, are widely considered to be a more secure two-factor method, and the claims Google made yesterday back that notion up.
Perhaps it shouldn’t be a surprise, then, that Google is looking to get into the security key business itself. Today, the company announced a new product called the Titan, which is a physical, FIDO-compatible key that can be used to secure accounts that support such hardware. Many of the world’s big websites already support two-factor authentication through security keys, including Facebook and Twitter.
An in-depth hands-on over at CNET states that the Titan will be available in two varieties: USB and Bluetooth. With the USB key, you’ll simply plug it in to a free USB port on your PC and press the button on the key to verify your identity, while the Bluetooth key can be used for wireless verification on mobile devices.
Google told CNET that it’ll offer both types of keys in a bundle that costs around $50, while each key will be available separately for around $20 or $25. For now, Titan keys are only available to Google Cloud customers – who can sign up to try them for free – but the company says that we’ll soon see them offered to everyone through the Google Store. Stay tuned.