Google’s New Titan Security Key Adds Another Piece to the Password-Killing Puzzle
Passwords are a terribly insecure and frustrating authentication technology, but after decades of digital use, they are ubiquitous. However, recently the global technology industry has been work to promote a simpler and more secure alternative known as passwords. With his other initiatives has defend connection technologyGoogle today announced the launch of a new version of its Titan hardware passkeys, capable of storing access keys directly on the device.
For most users of most accounts, passwords are managed directly from a smartphone or laptop. But for anyone looking for an alternative, either because they prefer a standalone key for ease of use, or because they want maximum security separation, storing access keys on a hardware token is an interesting option. The new Titan keys are available now and can store over 250 unique passwords. They replace Google’s existing Titan USB-A and USB-C devices.
“We’re excited about the potential of passwords, but know there’s no silver bullet when it comes to security for everyone,” Google wrote in a blog post published today. “Some people need a solution that doesn’t rely on smartphones or use devices that don’t support passkeys. Everyone has different approaches to security, but we all share one goal: stopping attacks. That’s why we intentionally designed the latest Titan security keys to encompass secure password cryptography on portable hardware.
As part of setting up a password for a Google account on a Titan device, users will be prompted to create a PIN which they enter, as well as produce the security key to log in.
As part of its announcement today at the Aspen Cyber Summit in New York, Google also announced that in 2024 it will deliver 100,000 new Titan Keys to high-risk individuals around the world. This effort is part of Google’s efforts Advanced Protection Program, which provides vulnerable users with extensive account monitoring and threat protection. The company has already distributed Titan keys under this program and today cited the rise in phishing attacks and the upcoming global elections as two examples of the need to continue expanding the use of secure authentication methods such as passwords.
Hardware authentication tokens have unique protection benefits because they are self-contained, siled devices. But they still need to be rigorously secured to ensure they don’t introduce another point of weakness. And as with any product, they can have vulnerabilities. In 2019, for example, Google recalled and replaced its Titan BLE-branded dongle due to a flaw in its Bluetooth implementation.
As for the next-generation Titan, Google tells WIRED that, as with all of its products, it has conducted a thorough internal security review on the devices and has also hired two external auditors, NCC Group and Ninja Labs, to conduct reviews. independent assessments. of the new key.
