News Google makes Titan Security Keys available to the public

[Becky]

Becky submitted a new article:

Google makes Titan Security Keys available to the public - The keys are currently only available in the US, but will be more widely available soon

One of the best ways to improve your online security is to input more than one piece of identifying information. There are many ways to do this - for example, a common method is to receive a code via text message - but one of the safest, most secure methods is to use is hardware. Enter Google's Titan Security Key.

The key was made available to Google Cloud customers earlier this year, but today Google...

Read more about this article...

 

[Abraham Andres Luna]

My laptop doesn't have a trusted platform module

 

[muckshifter]

Reminds me of the Software Dongles that started to appear with some software in the early 80s. Unless the 'software' was corporate essential, people avoided it and looked for alternatives.

Banks have had this 'technology' for some time now, seems to have taken a long time for the Dongle to make a comeback.

 

[Urmas]

https://vrk.fi/en/electronic-identity-and-certificates
https://www.gemalto.com/govt/customer-cases/finland

 

[muckshifter]

What needs to happen is the government Chip-n-Pin everyone, especially at birth, no need to bother with cards and other inconvenient bits of plastic.

 

[Ian]

My laptop doesn't have a trusted platform module

I don't think you need TPM to use this . It does everything onboard (AFAIK), so it's an independent little system.

 

[Becky]

https://vrk.fi/en/electronic-identity-and-certificates
https://www.gemalto.com/govt/customer-cases/finland

Sounds like an interesting system, are there many problems with stolen identities?

 

[Urmas]

... are there many problems with stolen identities?

None that I'm aware of.

 

[Becky]

Uh oh...

Due to a misconfiguration in the Titan Security Keys’ Bluetooth pairing protocols, it is possible for an attacker who is physically close to you at the moment you use your security key -- within approximately 30 feet -- to (a) communicate with your security key, or (b) communicate with the device to which your key is paired.

Full story here: https://security.googleblog.com/2019/05/titan-keys-update.html

Google are issuing replacement keys for free if you've got one of the ones affected by this vulnerability, and you can get them here: https://www.google.com/replacemykey

 

[Abarbarian]

Sounds like an interesting system, are there many problems with stolen identities?

Only if you get caught using one

 

[Abarbarian]

https://www.pcreview.co.uk/threads/usb-security-keys-are-they-a-good-idea.4071685/

Are they just a different type of usb key like the ones above excepting they have bluetooth capabilities ?

 

[Becky]

https://www.pcreview.co.uk/threads/usb-security-keys-are-they-a-good-idea.4071685/

Are they just a different type of usb key like the ones above excepting they have bluetooth capabilities ?

Yes I think so.

 

[Abarbarian]

Yes I think so.

Yup looks like Googles own spin on a FIDO compliant key.

https://cloud.google.com/blog/produ...curity-keys-now-available-on-the-google-store

Starting in 2012, we have been working with Yubico and NXP to develop and deploy security keys internally. At Google, we have had no reported or confirmed account takeovers due to password phishing since we began requiring security keys as a second factor for our employees.

In addition to Yubico, FIDO security keys are offered by a strong ecosystem of companies including Feitian and many others. Titan Security Keys are one more option for security-conscious users and organizations looking to implement security keys, such as the data insights company Enplore.

I did think about getting a YubiKey but felt that there were not enough sites that I needed one for. You may find one useful though as they can be used with phones and there are now more ways to use the key. Seems you can protect your KeePass details with one which would be useful.

https://www.yubico.com/why-yubico/for-individuals/

 

[Abarbarian]

https://www.yubico.com/why-yubico/for-individuals/

I never did buy a YubiKey. Spent the money on a motorbike instead.

Had another look at these and things have changed a lot in the last two years. More keys types, USB-C ones for instance, you can use them with NFC and phones and a whole raft of new features and stuff. Well worth reading some of the FAQ's as they detail KeePass and Linux useage too.

 

[Abarbarian]

https://www.yubico.com/why-yubico/for-individuals/

I never did buy a YubiKey. Spent the money on a motorbike instead.

Had another look at these and things have changed a lot in the last two years. More keys types, USB-C ones for instance, you can use them with NFC and phones and a whole raft of new features and stuff. Well worth reading some of the FAQ's as they detail KeePass and Linux useage too.

Oooops I meant to post this here,

https://www.pcreview.co.uk/threads/usb-security-keys-are-they-a-good-idea.4071685/