cfo-as logo
Story image

Google expands Titan security keys across parts of EU & Asia

24 Feb 2020

Google’s Titan security keys are going public in more countries around the world, opening up more cybersecurity options for those at ‘higher risk’ of targeted cyber attacks.

Google’s Titan security key bundle was launched late last year. It includes USB-A/NFC/BLE keys that can act as a second form of authentication as part of a two-factor authentication process.

Now USB-C Titan Security Keys will be available in Canada, France, Japan, Germany, Switzerland, Austria, Spain, Italy, and the UK. Additionally, the security keys are now available from the Google Store in European countries including Austria, Germany, Italy, Spain, and Switzerland.

Google designed the keys so that they are built on open standards so that they can be used beyond Google product and services.  

Google also uses firmware to verify the security key’s integrity at the hardware level.

According to Google Cloud product manager Christiaan Brand, the Titan security keys are an important feature of Google’s Advanced Protection Program. This program is for users who may be at higher risk of targeted attacks across their personal or work Google accounts.

These higher risk users could be IT administrators, executives, political activists and campaign teams, and journalists.

Google offers free Titan security Keys to federal political campaigns teams in the United States.

“Security keys use public-key cryptography to verify your identity and URL of the login page so that an attacker can’t access your account even if they have your username or password. Unlike other two-factor authentication (2FA) methods that try to verify your sign-in, security keys support FIDO standards that provide the strongest protection against automated bots, bulk phishing attacks, and targeted phishing attacks,” Brand explains.

FIDO standards advocate for alternatives to password-based logins by using a system based on public key cryptography. These alternatives should be secure, fast, and work across websites and apps.

According to the FIDO Alliance, which includes members such as Amazon, Facebook, Apple, Google, PayPal, Visa, and more, FIDO authentication is resistant to phishing and other types of common attacks.

“The FIDO protocols are designed from the ground up to protect user privacy. The protocols do not provide information that can be used by different online services to collaborate and track a user across the services. Biometric information, if used, never leaves the user’s device,” the FIDO Alliance states.

Brand adds that enterprises and consumers can use Titan Security Keys for any site where FIDO security keys are supported for 2FA, including their personal or work Google Account, 1Password, Bitbucket, Bitfinex, Coinbase, Dropbox, Facebook, GitHub, Salesforce, Stripe, Twitter, and more.

Techday understands that Google’s Titan keys are not currently available in Australia or New Zealand.