One of the best ways to improve your online security is to input more than one piece of identifying information. There are many ways to do this - for example, a common method is to receive a code via text message - but one of the safest, most secure methods is to use is hardware. Enter Google's Titan Security Key.
The key was made available to Google Cloud customers earlier this year, but today Google announced that they were making the key available to everyone. Currently only US customers can purchase the Titan keys, but according to Google the keys will soon be available in additional regions too.
What are security keys and why are they useful?
Let's take a step back first and consider the norm; single-factor authentication (SFA), i.e. passwords. Although it is indeed possible to have secure passwords that are difficult to hack, the fact that most humans are not able to remember a series of long, obscure passwords means that they are vulnerable. Most people either use the same password for multiple log-ins, or record their passwords somewhere. Is is indeed possible to have good password security, but it can be time consuming and complicated, which puts people off.
A step up from SFA is two-step verification (2SV), which unsurprisingly means that rather than inputting one credential you input two. An example of this would be entering a password as well as a code sent to you via text message. This method can still have vulnerabilities, since text messages can be intercepted, but it is more secure than SFA.
Taking things one step further, the use of two-factor authentication (2FA) is more secure than 2SV because it uses two distinct input methods (such as a password and thumbprint). The use of security keys is a way to give a second form of identification, and all you need to do is plug it in via USB. Since it is a physical piece of hardware that needs to be in your possession, it is very secure.
What's so special about the Titan Security Keys?
The Titan Security Keys have what Google describes as their "special sauce", which is "firmware that’s embedded in a hardware chip within the key that helps to verify that the key hasn’t been tampered with". You can read more about them and how they work on the Google Blog.
The Titan Security Keys can be used both with a Google Account and other services. It's also worth bearing in mind that Google considers this form of authentication the "strongest, most phishing-resistant method of [...] two-factor authentication (2FA) on the market today". In addition, since Google switched to using these keys last year not one of its 85,000+ employees has been subject to a successful phishing attack.