Google’s USB Hardware Security Keys

Google Security

Today’s Internet users have a plethora of online accounts, whether they remember signing up for them or not. The high number of accounts with our personal information stored on them poses a great security risk and often we find that two factor authentication isn’t good or full proof enough. Two factor authentication is definitely a good and worthy deterrent against data breaches and hacking but it’s certainly not infallible. Google, the reigning sovereign of the Internet, has itself turned to a more physical approach to cyber security. Long touting hardware USB security keys as the simple answer, Google has now begun to produce its own.

A hardware security key is a physical device which uses USB to connect to a computer, and it uses software with key codes to run a program. This ensures that only the bearer of the key (you) can use that program and they cannot be copied, even by you. Essentially the key functions as a login. They are a low cost, high efficiency way to keep your data safe. Google is definitely urging consumers to begin utilizing this tech. In fact, they claim that since implementing the hardware security keys in their own organization in 2017, their employees have had absolutely no phishing issues (phishing is when a scammer poses as a legitimate being in order to steal your information). If that’s true, then that’s pretty impressive.

USB Security Hardware Key

This is probably what led Google to initiate manufacturing their own brand of security keys to the public. That, and profit, of course. They named it the Titan Key and not much is known about it, except that it is not associated with Google’s previous security key supplier, Yubico. We do know that the Titan requires a physical key to login. Also, it will have two types: Bluetooth for mobile devices and USB for desktops and laptops. Currently, they are offering these USB keys only to Google Cloud customers but it’s likely they will extend their range to the general populace. We’re not sure what Google will be charging for their Titan, but current models of other brands (including Yubico’s) are roughly $20-25.

The beauty of hardware security keys is that they are very difficult to compromise. How would they be remotely accessed? They are very difficult, if not impossible, to duplicate and perhaps the most risky thing about them is that you could potentially lose them or that they might, for whatever reason—perhaps damage, malfunction. Remember that these devices are not USB flash drives and do not hold data. Since these hardware keys don’t actually store any information except the code to allow you access to your software, if you lose or damage your key you will not have to replace your work. You will just need a new key to give you access.

But it’s not all roses with Google. Their previous source for their hardware USB keys, Yubico, is probably not pleased with this sudden competition, especially from such a corporate giant like Google, who had previously endorsed their products. Yubico has made it quite clear that they’re not at all involved with Google’s new product, and instead seem to be throwing some subtle shade at them for choosing to go BLE (Bluetooth) with their platform. They claim they tried Bluetooth but that it didn’t meet their stringent standards of security and nixed it. Bluetooth technology is often fraught with connectivity issues and may pose an additional security hazard so perhaps their sneer is warranted. Also, Yubico is quick to point out that their products and programs are manufactured in the US and Sweden, thus implying Google does not.