Google is launching a new device called Titan Security Key. The aim of the device is to provide stronger security by integrating 2 factor authentication. The two factor authentication for titan Security key will not deploy authentication via text or email. Rather, you have to plug in the device to complete the login process. The gadget will identify whether the user is actually you or not.
CEO of Area 1 Security Oren Falkowitz says that the number of cyber attacks is increasing massively. With all those cyber attacks, the users did not use two factor authentication, and when the users used them, accessing the login credentials became extremely difficult for the hackers. He said, “We see consistently that in a large percentage of cyber incidents, had individuals had some sort of multi-factor authentication, they would have at least delayed—or made it slightly harder—for attackers to gain access”.
Engineers have different views on two factor authentication. There are various types of two factor authentication such as verification via SMS, email, and then there are physical devices like Titan Security Key. Lorrie Faith Cranor, a professor of computer science at Carnegie Mellon University and a former chief technologist with the Federal Trade Commission says that authentication via SMS is the worst form of two factor authentication. This is because SMS transmission is done through channels with lower security facility. It is true that 2-factor authentication via SMS is obviously better than 1 step verification but the former has several flaws. Hence, it is very easy for hackers to compromise it.
Using Google Titan Security key is not difficult. The device has a button. You have to plug the device to your PC and snap on the button. You do not have to type any code. This security key is for everyone. All though it is not yet launched for the public, but Google will release the device for public very soon. According to Google, “G Suite, Google Cloud Platform, and Cloud Identity admins and users enrolled in the Advanced Protection Program have access to sensitive data and systems. While security keys are recommended for all users for stronger protection against phishing, enforcing security keys for admins and other high-value users should be the first step.”
Titan Security Key supports FIDO protocol. FIDO stands for Fast Identity Online. The key has been built with a high secure element and a firmware written by Google. The firmware checks the integrity of security keys at the hardware level.