Over the course of a lifetime, it is almost a certainty that at some point each person will be hacked or somehow digitally compromised. It could be a matter of being phished, losing a device that someone retrieves personal information from, or some other form of compromise, but it is almost a sad inevitability. Google has been a strong advocate for better security measures than are currently available to people. Changing passwords is good, and two-factor authentication is great, but there are better ways to be secure, and Google has found one.
Google has been using the Titan Key internally, testing it on their employees, and they claim that since early 2017, none of their employees using an early version of the Titan Key have been hacked. The reason the Titan Key works so well is that it is an actual key, of sorts anyway. The Titan Key can be a Bluetooth fob, or it can be a USB stick. The thing being, it is a physical device, and not another password or temporary code that can be spoofed, circumvented, or otherwise compromised. This kind of physical layer of security is game-changing. As CNET pointed out, a hacker a continent away might be able to hack your password or phish the information to digitally access your account, but they can’t steal a Bluetooth fob on your key-ring, and that is what makes the Titan Key different.
Google Employees' Secret to Never Getting Phished Is Using Physical Security Keys https://t.co/MnyICBHlWW
— Tammy Bruce (@HeyTammyBruce) July 24, 2018
Gizmodo reported that Krebs On Security has vouched for Google’s flawless record of employees using the Titan Key to prevent being hacked or phished for over a year. A Google spokesperson also echoed the same message.
“We have had no reported or confirmed account takeovers since implementing security keys at Google. Users might be asked to authenticate using their security key for many different apps/reasons. It all depends on the sensitivity of the app and the risk of the user at that point in time.”
The Titan Key works a lot like YubiKey does already, which Google had championed as the best second-factor authentication tool available prior to publicly announcing Titan Key. While it is only configured with the Google Chrome browser at this time, it can be altered to work with Firefox, Facebook, or a variety of password managers. In time, if demand exists, it is thought that Google may release a more universally compatible version of the Titan Key to increase their market share.
None of Google's 85,000+ employees has been successfully phished on their work accounts since early 2017 when Google began requiring employees to use physical Security Keys in place of passwords and one-time codes, company told @briankrebs https://t.co/rm3o3r2GS4
— Kim Zetter (@KimZetter) July 23, 2018