The Titan Security Key Bundle from Google Cloud adds a layer of security to your Google, and other accounts that support the FIDO Alliance standards. The keys helped Google themselves manage a full year without any employee account being compromised. Many users avoid Two-Factor Authentication (2FA) on their accounts, and most don’t even use it on their most important account, their email. It was reported that less than 10% of Gmail users have set-up 2FA in some form. Google offers a wide variety ranging from text codes, use of the Google Authenticator App (Google Play / Apple App Store), and Google Prompt which is a device notification that pops up on your screen asking if you’re trying to sign into your account. Assuming of course, you didn’t give your phone to someone else or lose it without wiping/locking it.
Lemacks Media requires and uses 2FA for all of our internal services, and most importantly all client facing services like Hosting and Google G Suite.
Titan Security Key unboxing
With the Titan Security Key bungle you receive a USB Security Key, Bluetooth/NFC Security Key, Micro-USB Cable, and USB-A to USB-C adapter which works both on mobile devices as well as laptops/PC’s.
I am pleasantly surprised that the USB-A to USB-C Adapter is USB 3.1 as the adapter that comes with all 3 Pixels is USB 2.0 still. The disappointing part is that the Bluetooth/NFC key still uses Micro-USB rather than USB-C, which means in the event the key dies when you need to use it, you can’t just use your phones charging cable to power it up. You will need to either carry the extra cable with you, or carry the physical key/adapter or both. Carrying the physical key and adapter to me is the more logical route as it does work on mobile devices.
Another potentially troubling issue is that that manufacturer of the 2 keys are not the same. The USB Titan Security Key is made by Yubico, is well known and well respected security company, while the Bluetooth/NFC Titan Security key is made by Chinese company Feitian Technologies which is part of a Chinese Military Alliance. Or, it is at a minimum made with the same parts and standards as the one created by Feitian. Google has not acknowledged any potential issues, however since it uses the FIDO Web Authentication API, and not some custom API it realistically should be fine so long as there haven’t been firmware modifications by Feitian that Google in unaware of.
The setup of the Titan Security Keys are very straightforward, simply visit your Google Account page > Security Settings > expand 2-Step Verification.
When you sign in, you will receive a prompt like this after entering your password.
And that’s it, you can also check to see if your other various accounts support the standard, if they do, you can set it up there as well. Get your Titan Security Key Bundle from the Google Store.
I omitted that I paired the Bluetooth key with my PC and planning to log into my account every day. I want to know how long the battery lasts when used one time per day. I will update when the key dies.