Google on Wednesday announced its Titan security key for physical two-factor authentication. It is a small device, the size of a USB drive that stores hidden online logins. It has a button that you tap instead of retyping codes to log in to whichever service you are using. The key uses cryptography to provide two-way verification.
How it works is when you enter your password, pair the Bluetooth key or plug in the USB key to prove that you are who you say you are. Unlike other 2-step verification methods that use one-time codes via text message, security keys don’t require a phone number on your account.
Two-factor authentication is when you receive a code on you mobile phone via SMS or phone call to log in to a certain service.
The Titan security key goes further than traditional two-step verification, requiring you to use a physical Security Key in addition to your password to sign in to your account.
Google has also said that a targeted attack would be able to trick people into giving up the PIN they receive on their phones.
Google's employees have been using the key as their Advanced Protection Program for about a year. Out of the 85,000 employees, not one has been subjected to phishing attacks within that time.
The key comes in two types - one Bluetooth and one USB drive and allows only Google apps and select third-party apps that enables users to turn on universal two-factor authentication to access your emails and Drive files. It uses protocol approved by FIDO alliance.
The Titan key will be available for sale in Google's online store soon (how soon, we're not sure) and will also be able to warn you about visiting a phishing website.
Google advises that if your Google Account is through your work, school, or other group, you might have to use your key more often.
Here’s how to use the key:
Step 1: Setting up Two-Factor Authentication
To set up the key from your Google account, you have to go into your privacy and security settings and turn on two-factor authentication on your account. It will ask you to sync your phone and will send you a code to set up your two-factor authentication.
Step Two, Add Key to Your Account
After setting up, go back to the two factor authentication menu and select security key to know all about how to use the key.
To add a key to your account:
- On your computer, go to the two-Step Verification section of your Google Account.
- Click Add Security Key. Don’t insert your key yet.
- Click Next.
- Insert your key. Tap the button on the key (as mentioned above).
- Follow the instructions.
To make sure you can still sign in if your key ever gets lost, you need to add recovery info and backups.
Step Three: Sign in With Your Key
- Enter your username and password like you normally do. You’ll be asked to sign in with your key anytime you use a new computer or device.
- When prompted, tap or insert the key.
- If your key has a button, lightly tap the blinking circle.
(At The Quint, we are answerable only to our audience. Play an active role in shaping our journalism by becoming a member. Because the truth is worth it.)