A Google representative recently revealed that the over 85,000 of the company’s employees have been using physical security keys, which are USB-based devices that offer an alternative approach to two-factor authentication (2FA), and it has yielded a high success rate since being deployed in 2017. Google has now unveiled its very own physical security solution called the ‘Titan Security Key’, which uses the multi-factor authentication Universal 2nd Factor (U2F) standard.
The physical manifestation of U2F lets users access different services without the need of entering a password received on a linked device. The standard currently has support for Chrome, Firefox and Opera, with more services expected to jump the U2F bandwagon soon.
Google claims that the Titan Security Key provides a huge convenience when it comes to signing in to secure sites, as users no longer have to rely on receiving a code on another registered device such as a smartphone, and can verify their identity by just plugging in the USB key and pressing a key. Google’s security solution has support for multiple devices and apps, has received FIDO (Fast IDentity Online) security certification and employs Google’s in-house firmware to verify the integrity of security keys.
“2-step verification with a security key uses cryptography to provide two-way verification: it makes sure you’re logging into the service you originally registered the security key with, and the service verifies that it’s the correct security key as well. This provides superior protection to text-message verification”, Google wrote in an official blog post.
Google claims that the Titan Security Key offers a higher level of protection against phishing, especially in cases where a malicious party pretends to a be a Google service/page and asks for 2-step verification codes. Moreover, it will be compatible with all forms of Chrome browser and services provided by the likes of Facebook, Dropbox and Microsoft among others. As for availability, the Titan Security Key is already available through Google representatives and will soon be available in Google Stores.
On the other hand, Yubico, a company which is regarded as a pioneer in the domain of physical security keys, has some doubts regarding Google’s offering, especially the level of security it offers and the vulnerability it hosts.
“Google’s offering includes a Bluetooth (BLE) capable key. While Yubico previously initiated development of a BLE security key, and contributed to the BLE U2F standards work, we decided not to launch the product as it does not meet our standards for security, usability and durability. BLE does not provide the security assurance levels of NFC and USB, and requires batteries and pairing that offer a poor user experience”, read Yubico’s official blog post.
