Stories
Slash Boxes
Comments

SoylentNews is people

posted by martyb on Friday August 31 2018, @04:26AM   Printer-friendly
from the is-it-still-in-beta? dept.

Google's in-house security key is now available to anyone who wants one

Google's Titan Security Key is finally available to anyone who wants one. The two-factor token went live today in the Google store, with a full kit available for $50, shipping immediately. The kits include a USB key, a Bluetooth key, and various connectors. The key has been available to Google Cloud customers since July, when the project was first publicly announced.

Built to the FIDO standard, the Titan keys work as a second factor for a number of services, including Facebook, Dropbox, and Github. But not surprisingly, they're built particularly for Google account logins, particularly the Advanced Protection Program announced in October. Because the keys verify themselves with a complex handshake rather than a static code, they're far more resistant to phishing attacks than a conventional confirmation code. The key was initially designed for internal Google use, and has been in active use within the company for more than eight months.

Also at TechCrunch, CNBC, and BGR.

Previously: Google Defeats Employee Phishing With Physical Security Keys

Related: No Key, No Login: G Suite Admins Can Now Make FIDO Security Keys Mandatory


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 2, Troll) by jmorris on Friday August 31 2018, @07:37AM (2 children)

    by jmorris (4844) on Friday August 31 2018, @07:37AM (#728651)

    Like most media reports on tech, especially security and crypto, the article is almost anti-knowledge. Google haz magic thing. No passwords. Apple is forted up in their walled garden. That is about the extent of it.

    What I want to know is, are these keyed identically? Google says keep one safe, which implies they are and that would be hella cool. Still means if you lose one you have to replace both, but it would mean you COULD replace them without having to call every business you had registered the thing with and jumping through many hoops. Or watching them ask some stupid "what is your Grandma's maiden name" BS and reset it by automatic. Grr. Having a matched pair solves almost every major concern with using a physical token.

    Don't think I could trust Google in $current_year. But if these really are a standard we should see more reliable vendors selling product made in the 1st world. The idiots in the article think these are getting embedded in phones but that is insanity on stilts. One, phones are probably more secure than Windows but Android is certainly less secure than a Linux/GNU/X install. Second people replace phones every year or two. To have a snowball's chance in Hell of being secure the secured element has to be fixed in the hardware, leading to the problem I mention above of contacting every single place you used the old token. They might could get it into the SIM but that still doesn't help when people switch carriers, sim cards shrink again, etc. No, these need to be stand alone with BT or NFC connectivity.

    Starting Score:    1  point
    Moderation   0  
       Troll=1, Underrated=1, Total=2
    Extra 'Troll' Modifier   0  
    Karma-Bonus Modifier   +1  

    Total Score:   2  
  • (Score: 2) by PiMuNu on Friday August 31 2018, @11:49AM

    by PiMuNu (3823) on Friday August 31 2018, @11:49AM (#728705)

    More so, is the key based on an open standard. Someone said in another thread "But it's made in China, what if someone hacked it". That's an implementation detail that highlights a flaw in the system architecture.

    So if one were to roll out a two-factor authentication STANDARD, then $Manufacturer could set up a production facility in US if that is an issue (or whatever). Otherwise we just get locked in to another Google service, which they may or may not tie to Evil in the future.

  • (Score: 1) by Muad'Dave on Friday August 31 2018, @01:41PM

    by Muad'Dave (1413) on Friday August 31 2018, @01:41PM (#728733)

    That linked article is four years old as well. Apple now allows apps to use the fingerprint reader to log in.