In the past few days we have seen reports from Google that, since its 85,000 employees have been using a physical key for 2FA when signing in, there has not been a single phishing incident. This was also the case for G Suite users using a physical key. Now Google wants to share the love and sell you your own security key.
Details on the Google Cloud website for the security keys that Google is looking to bring to the Google Store are sparse, although there is an image of them. They are based on the keys that Google employees have been using with great success, with Google apparently testing them internally since early 2017.
“We’re very sure of the quality of the security. We’re very sure of how we store secrets and how hard it would be for an attacker to come in and blow the security up.”
Christiaan Brand, a Google product manager for identity and security
The pair of 2FA hardware keys are called the Titan Security Keys: one is a USB version and the other a Bluetooth version with a USB-C charging port. Both keys will also apparently support NFC. They are expected to be reasonably priced, at around the $20-25 mark each or around $50 as a bundle (which doesn’t seem like much of a saving for buying the bundle).
The new security keys are available now to Google Cloud customers and will come to the Google Store in the coming months. With less than 10% of Google users using 2FA, Google is hoping many users take up this hardware 2FA.
How insecure do these become if someone manages to pinch it?
Also, is this just for your Google accounts or is it going to replace (or work with) LastPass and the like?
Is this any more or less secure than using the Google Authenticator app or is 2FA just 2FA regardless?
Is there any advantage to using this over a Yubikey?
Looks like it’s the same thing to me just Google branded…