Phising is a social engineering method that aims to trick users into giving their passwords. This can normally be mitigated with things called “brain” and “paying attention”, but since we are all humans mistakes may happen on a bad day.
Even Google employees who should be tech savvy fell for the tricks from time-to-time, so Google made employees use 2-factor authentication with a hardware security key since January 2017, and none of Google workers failed for a phising attack since then.
CNET was provided with a sample of Google’s “Titan Security Key”, which comes in both USB and Bluetooth/NFC versions, and will be available for sale in Google’s online store within the next few months.
The full technical details have not been provided for the key, but we do know Titan Security Keys support FIDO protocol, and are built with a secure element and a firmware written by Google that verifies the integrity of security keys at the hardware level.
The keys are said to be compatible with Chrome browser, and beside Google’s website, it also work on GitHub, Facebook, Dropbox, and several other websites. FIDO Universal 2nd Factor (U2F) devices are also supported in Firefox and Edge, so I’d assume Google key may still work with those browsers too. Windows 10 and Linux distributions are also listed as supporting this type of devices. Hardware security keys like Yubikey NEO have been around for a while, but their use has not really taken off among users.
The Titan security key will cost $20 to $25 each, but you’ll also be able to purchase a bundke with both the USB and Bluetooth versions for $50, which does not make any sense, unless at least 3 keys are provided in the bundle.
Via XDA Developers
Jean-Luc started CNX Software in 2010 as a part-time endeavor, before quitting his job as a software engineering manager, and starting to write daily news, and reviews full time later in 2011.
Support CNX Software! Donate via cryptocurrencies, become a Patron on Patreon, or purchase goods on Amazon or Aliexpress
Looks like the same design as Feitan ePass and MultiPass keys, I wonder if they manufacture these (or if it’s even the same hardware just with different firmware). Feitan’s hardware is availble in both USB+NFC and USB+NFC+BLE variants in those same two cases. The Feitan-branded U2F keys are $17 and $25 on amazon, though they were something like $8 and $16 in the past with a long running automatic coupon. Maybe it was an introductory offer.
I’ve never been able to get BLE U2F to work, personally.
Some news articles on the internet state that software is written by Google.
Looking at Feitan website it looks like you could order your-company-branded versions of their products.
I love FIDO2 with fingerprint reader dongle with USB-C on their website, but sadly you cannot buy that.
These appear to be rebadged Feitian products.
https://www.ftsafe.com/products/FIDO
I have the original version of the Bluetooth/NFC/USB key (branded Feitian), and it’s actually really awesome. If a device has NFC, I can just tap it. If it’s a device with Bluetooth that I use a lot, I can pair it and use it wirelessly. For everything else, it has microUSB (for which I always carry a cable in my pocket to charge my phone). It seems to never run out of battery…I’ve never charged it, I actually think it gets enough charge just from the few times I connect it via USB to use it. If this Google version… Read more »
Are these the same thing ?
http://uk.farnell.com/ftdi/ftdi-usb-key/usb-security-key-ftdichip-id/dp/2419959
That one looks to be a copy-protection device, so that whatever software is installed on the computer can only be used with that key. So completely different.