Engineering:Titan Security Key

From HandWiki
Titan Security Key
Common manufacturers: Google, Yubico
Design firm: Google
Introduced: October 15, 2019
Cost: US$25 - US$35
Color: White

The Titan Security Key is a FIDO-compliant security token developed by Google. It contains the Titan M cryptoprocessor, which was also developed by Google. It was first released on October 15, 2019.[1]

Features

Depending on the features, a key costs $25-$35,[2] but Google has provided keys for free to high-risk users.[3] It is considered a more secure form of multi-factor authentication for logging in to first-party and third-party services and for enrolling in Google's Advanced Protection Program. In 2021, Google removed the Bluetooth model due to concerns about its security and reliability.[2]

In November 2023, Google announced a v2 model passkey with FIDO Authenticator Certification Level 1 support.[4][5]

Vulnerabilities

The Bluetooth "T1" and "T2" models initially had a security bug that allowed anyone within 30 feet to make a clone of the key.[6] The security firm NinjaLab was able to extract the key using a side-channel attack.[7] In 2019, Google put a bug bounty of up to US$1.5 million on the Titan chip.[8]

Newer versions and model numbers include:[9]

1. USB-A/NFC (K9T)

2. Bluetooth/NFC/USB (K13T)

3. USB-C/NFC (YT1)

4. USB-C/NFC supporting U2F and FIDO2 (K40T)

While none of these had publicly disclosed security vulnerabilities, Google discontinued selling Bluetooth versions of the keys in August 2021,[10] although Bluetooth keys continue to work and their warranties are honored.[11]

References

  1. "USB-C Titan Security Keys - available tomorrow in the US". https://security.googleblog.com/2019/10/usb-c-titan-security-keys-available.html. 
  2. Clark, Mitchell (2021-08-09). "Google's new Titan security key lineup won't make you choose between USB-C and NFC". https://www.theverge.com/2021/8/9/22617183/google-usb-c-titan-security-lineup-nfc-password-protection.
  3. Page, Carly (2021-10-08). "Google to give security keys to 'high risk' users targeted by government hackers". https://techcrunch.com/2021/10/08/google-to-give-security-keys-to-high-risk-users-targeted-by-government-hackers/.
  4. Newman, Lily Hay. "Google's New Titan Security Key Adds Another Piece to the Password-Killing Puzzle". Wired. ISSN 1059-1028. https://www.wired.com/story/google-titan-security-key-passkeys/. Retrieved 2023-11-15.
  5. "FIDO® Certified Products". 19 May 2015. https://fidoalliance.org/certification/fido-certified-products/.
  6. Khalid, Amrita (2019-05-15). "Google recalls some Titan security keys after finding Bluetooth vulnerability". https://www.engadget.com/2019-05-15-google-recalls-some-titan-bluetooth-security-keys.html.
  7. Goodin, Dan (2021-01-08). "Hackers can clone Google Titan 2FA keys using a side channel in NXP chips". https://arstechnica.com/information-technology/2021/01/hackers-can-clone-google-titan-2fa-keys-using-a-side-channel-in-nxp-chips/.
  8. Porter, Jon (2019-11-21). "Google really wants you to hack the Pixel's Titan M security chip". https://www.theverge.com/2019/11/21/20975650/google-pixel-titan-m-security-chip-bug-bounty-program-3-3a-4-hack.
  9. "Safety & Warranty Guides for Google Titan Security Key (Prior Versions)". Google Inc.. https://support.google.com/titansecuritykey/topic/12143102. 
  10. Brand, Christiaan. "Simplifying Titan Security Key options for our users". Google. https://security.googleblog.com/2021/08/simplifying-titan-security-key-options.html. 
  11. Kovacs, Eduard (10 August 2021). "Google Discontinuing Bluetooth Titan Security Key". Security Week. https://www.securityweek.com/google-discontinuing-bluetooth-titan-security-key.