Affiliate Disclosure
If you buy through our links, we may get a commission. Read our ethics policy.

Google's $50 Titan Security Keys for consumer accounts now available in U.S.

Google has started to sell its Titan Security Keys to the public in the United States, expanding the availability of the Google-produced hardware tokens from just its cloud customers to anyone who wants to enhance the security of their Google account — and they work on the Mac and iOS.

Originally developed as a FIDO security key for internal use before being sold to Google Cloud customers from July, the Titan Security Key's availability has been expanded to anyone who wants to add an extra physical security element to their account. At present, they are available to purchase through the Google Store for customers in the United States priced at $50, with availability in other markets expected soon.

The keys are a form of physical two-factor authentication, in a similar way to how an authenticator app or a text message to a designated smartphone is used. While SMS, code, or push notifications are useful, sophisticated attacks can potentially acquire this data and allow an attacker to reach the account.

Physical security keys, such as Titan Keys or those by Yubikey, are considered to be more secure than the software or information-based two-factor authentication systems. In the case of the Titan Keys, Google advises each includes firmware stored in a secure element hardware chip at the time of production, making it impossible to tamper with the firmware.

Since the keys are used to perform a long cryptographic handshake with the host rather than sharing a short and copyable code, this also makes the use of such keys much more secure.

After supplying the Titan Keys to its approximately 85,000 employees and requiring their use as a second security factor last year, Google claims not to have a single reported or confirmed instance of an account takeover from its staff caused through password phishing.

Consisting of USB and Bluetooth security keys, a USB-C to USB-A adapter, and a USB-C to USB-A cable, the kit is built to FIDO Alliance standards, with the same key able to be used to secure other supporting services, including Facebook, Twitter, and Dropbox.

Mac and iOS devices are supported, but in some cases macOS users may need to use a different browser than Safari to log in.



20 Comments

gatorguy 13 Years · 24627 comments

Great idea but I'd be concerned about how durable those are. For now I'm sticking with Yubikey.

gatorguy 13 Years · 24627 comments

lkrupp said:
Is this a joke? 

Hardly. It's an exceptionally secure way of authenticating your account. I use my Yibikey a couple times a week.

bobolicious 10 Years · 1178 comments

gatorguy said:
lkrupp said:
Is this a joke? 
Hardly. It's an exceptionally secure way of authenticating your account. I use my Yibikey a couple times a week.

Could this command higher ad revenues for 'authenticated' if 'anonymized' user data...?

gatorguy 13 Years · 24627 comments

gatorguy said:
lkrupp said:
Is this a joke? 
Hardly. It's an exceptionally secure way of authenticating your account. I use my Yibikey a couple times a week.
Could this command higher ad revenues for 'authenticated' if 'anonymized' user data...?

Nope. 
It doesn't log anything, nor does it do anything other than authenticate your user credentials. Far more secure than passwords. Instead of the two-factor authentication you might be using now which generally requires a password and entering a texted security code which bad actors might see/use, this is a much stronger hardware-based solution. No physical key, no account access. 

This explains it better than I can:
https://www.yubico.com/solutions/fido-u2f/