Google introduces Titan Security Key

GoogleA new Google product, launched on Wednesday, is worth considering for anyone who thinks they needs better protection for their personal data and files. 

You can now buy the Titan Security Key from Google. It’s a little dongle that you plug into your computer or pair with your phone to help keep your accounts safe.

You may already have two-factor authentication turned on for some of your online accounts — meaning that when you log in with a username and password, you have to enter a second code, usually texted to you or delivered through an app.

The security keys replace the text-message part of that login process. Plug in the key, press a button, and you won’t need to enter a code. Experts find that it’s a safer way to do security, at least partially since it’s way easier for a remote hacker to hijack your phone number than it is for them to grab a physical dongle off your keychain. 

There are a few different brands of security keys available, because there’s an official interoperability standard, called FIDO. Many companies uses YubiKey, for example. But Google’s new security key brings some proprietary secret sauce, including a hardware chip that Google says helps keep the key secure. 

In the Titan package, you get two keys: One with USB, for logging into a laptop or desktop computer, and one with Bluetooth and Near Field Communications (NFC) support, to help secure your phone. 

For iPhone users, you’ll have to download Google’s Smart Lock app for the security to work. There’s also a USB-C adapter, so you can still use it even if your laptop only has those ports, like Apple’s MacBook Pro. 

It worked for Google 

One of the most common ways that people get hacked is through spearphishing. Basically, attackers craft an email that looks just like something you’d normally be inclined to click, like a bill or an email telling you to change your password. If you put your username and password into that fake site, then the attacker has it, and will probably try to use it to take over your account. 

For businesses, campaigns, newsrooms, and other groups who handle sensitive data, this can be a big problem. All it takes is one employee who gets fooled to cause a bad breach. Many of the emails leaked during the last presidential campaign were obtained starting with a phishing emails. 

Google says it has successfully fought off phishers using security keys — a security key won’t work to log you in to a fake site.

None of Google’s 85,000 employees had their work accounts compromised since it started requiring security keys to log in, the company said.

“We have had no reported or confirmed account takeovers since implementing security keys at Google,” Google told Business Insider in July. 

If it worked for Google, it will probably work for you. 

Get the latest Google stock price here.