.jpg) | |
| Common manufacturers |
Google Yubico |
|---|---|
| Design firm | |
| Introduced | October 15, 2019 |
| Cost | US$25 - US$35 |
| Color | White |
The Titan Security Key is a FIDO-compliant security token developed by Google which contains the Titan M cryptoprocessor which is also developed by Google. It was first released on October 15, 2019. [1]
Features
Depending on the features, the key costs $25-$35, [2] but Google has provided them for free to high-risk users. [3] It is considered a more secure form of multi-factor authentication to log in to first-party and third-party services and to enroll in Google's advanced protection program. In 2021, Google removed the Bluetooth model due to concerns about its security and reliability. [2]
In November 2023, Google announced a model with passkey support. [4]
Vulnerabilities
The Bluetooth "T1" and "T2" models initially had a security bug that allowed anyone within 30 feet to make a clone of the key. [5] The security firm NinjaLab has been able to extract the key using a side channel attack. [6] In 2019, Google has put a bug bounty up to US$1.5 million on the Titan chip. [7]
Newer versions and model numbers include: [8]
1. USB-A/NFC (K9T)
2. Bluetooth/NFC/USB (K13T)
3. USB-C/NFC (YT1)
4. USB-C/NFC supporting U2F and FIDO2 (K40T)
While none of these included publicly disclosed security vulnerabilities, Google has discontinued selling Bluetooth versions of the keys in August 2021, [9] although Bluetooth keys continue to work with their warranties honored. [10]
References
- ^ "USB-C Titan Security Keys - available tomorrow in the US". Google Online Security Blog. Retrieved 2022-02-03.
- ^ a b Clark, Mitchell (2021-08-09). "Google's new Titan security key lineup won't make you choose between USB-C and NFC". The Verge. Retrieved 2022-02-04.
- ^ Page, Carly (2021-10-08). "Google to give security keys to 'high risk' users targeted by government hackers". TechCrunch. Retrieved 2021-10-09.
- ^ Newman, Lily Hay. "Google's New Titan Security Key Adds Another Piece to the Password-Killing Puzzle". Wired. ISSN 1059-1028. Retrieved 2023-11-15.
- ^ Khalid, Amrita (2019-05-15). "Google recalls some Titan security keys after finding Bluetooth vulnerability". Engadget. Retrieved 2022-02-03.
- ^ Goodin, Dan (2021-01-08). "Hackers can clone Google Titan 2FA keys using a side channel in NXP chips". Ars Technica. Retrieved 2021-10-09.
- ^ Porter, Jon (2019-11-21). "Google really wants you to hack the Pixel's Titan M security chip". The Verge. Retrieved 2021-10-09.
- ^ "Safety & Warranty Guides for Google Titan Security Key (Prior Versions)". Google Support. Google. Retrieved 31 December 2022.
- ^ Brand, Christiaan. "Simplifying Titan Security Key options for our users". Google Online Security Blog. Google. Retrieved 31 December 2022.
- ^ Kovacs, Eduard. "Google Discontinuing Bluetooth Titan Security Key". securityweek.com. Security Week. Retrieved 31 December 2022.
|
| |
| Common manufacturers |
Google Yubico |
|---|---|
| Design firm | |
| Introduced | October 15, 2019 |
| Cost | US$25 - US$35 |
| Color | White |
The Titan Security Key is a FIDO-compliant security token developed by Google which contains the Titan M cryptoprocessor which is also developed by Google. It was first released on October 15, 2019. [1]
Features
Depending on the features, the key costs $25-$35, [2] but Google has provided them for free to high-risk users. [3] It is considered a more secure form of multi-factor authentication to log in to first-party and third-party services and to enroll in Google's advanced protection program. In 2021, Google removed the Bluetooth model due to concerns about its security and reliability. [2]
In November 2023, Google announced a model with passkey support. [4]
Vulnerabilities
The Bluetooth "T1" and "T2" models initially had a security bug that allowed anyone within 30 feet to make a clone of the key. [5] The security firm NinjaLab has been able to extract the key using a side channel attack. [6] In 2019, Google has put a bug bounty up to US$1.5 million on the Titan chip. [7]
Newer versions and model numbers include: [8]
1. USB-A/NFC (K9T)
2. Bluetooth/NFC/USB (K13T)
3. USB-C/NFC (YT1)
4. USB-C/NFC supporting U2F and FIDO2 (K40T)
While none of these included publicly disclosed security vulnerabilities, Google has discontinued selling Bluetooth versions of the keys in August 2021, [9] although Bluetooth keys continue to work with their warranties honored. [10]
References
- ^ "USB-C Titan Security Keys - available tomorrow in the US". Google Online Security Blog. Retrieved 2022-02-03.
- ^ a b Clark, Mitchell (2021-08-09). "Google's new Titan security key lineup won't make you choose between USB-C and NFC". The Verge. Retrieved 2022-02-04.
- ^ Page, Carly (2021-10-08). "Google to give security keys to 'high risk' users targeted by government hackers". TechCrunch. Retrieved 2021-10-09.
- ^ Newman, Lily Hay. "Google's New Titan Security Key Adds Another Piece to the Password-Killing Puzzle". Wired. ISSN 1059-1028. Retrieved 2023-11-15.
- ^ Khalid, Amrita (2019-05-15). "Google recalls some Titan security keys after finding Bluetooth vulnerability". Engadget. Retrieved 2022-02-03.
- ^ Goodin, Dan (2021-01-08). "Hackers can clone Google Titan 2FA keys using a side channel in NXP chips". Ars Technica. Retrieved 2021-10-09.
- ^ Porter, Jon (2019-11-21). "Google really wants you to hack the Pixel's Titan M security chip". The Verge. Retrieved 2021-10-09.
- ^ "Safety & Warranty Guides for Google Titan Security Key (Prior Versions)". Google Support. Google. Retrieved 31 December 2022.
- ^ Brand, Christiaan. "Simplifying Titan Security Key options for our users". Google Online Security Blog. Google. Retrieved 31 December 2022.
- ^ Kovacs, Eduard. "Google Discontinuing Bluetooth Titan Security Key". securityweek.com. Security Week. Retrieved 31 December 2022.
| |||||||||||||||||||||||||||||||||||||||
| |||||||||||||||||||||||||||||||||||||||
| |||||||||||||||||||||||||||||||||||||||
| |||||||||||||||||||||||||||||||||||||||
| |||||||||||||||||||||||||||||||||||||||
| |||||||||||||||||||||||||||||||||||||||
| |||||||||||||||||||||||||||||||||||||||