You should already be using two-factor authentication to prevent unauthorized access to your online accounts. While your phone is up to the task of helping you with that, Google believes it’s time for to take the next step: using a physical security key.
At its ongoing Google Cloud Next event, the company announced that it’s launched the Titan Security Key, which lets you log in to your account on your desktop by authenticating your identity with over USB or Bluetooth.
The Titan key’s USB version plugs into your laptop, while the Bluetooth one works wirelessly and lasts up to six months without needing a battery change. CNET reported that they presently cost between $20 and $25 apiece, but Google said it hoped to bring the cost down to around $10 soon enough.
These aren’t a new invention by any means: Swedish security firm Yubico has been making security keys for several years now, and offers a range of different models that you can use with online services on your desktop and phone – including those from Google.
These devices can help prevent hackers from gaining access to your accounts through phishing attacks: they might be able to trick you into giving up your password with a cleverly crafted email, but they’ll be out of luck if your account requires a physical key to log in.
Google noted earlier this week that since early 2017, not a single one of its 85,000+ employees had fallen prey to such attacks, thanks to the use of these keys. It’s been working on them for a year or so, and is currently offering them to customers of its Cloud service through sales reps.
Should you get one? If you’re working with sensitive information on a regular basis, you should certainly consider it – regardless of whether you buy a Titan key from Google, one of Yubico’s offerings, or an open-source alternative from Berlin-based Nitrokey.
Google says it’ll soon begin selling Titan keys in its online store. It’ll be interesting to see if the company can start a global shift towards the use of these devices with this push. But it’ll have its work cut out for it in building the habit among users: earlier this year, Google engineer Grzegorz Milka said that less than 10 percent of Gmail users use two-factor authentication on their accounts.