Titan Security Key
Common manufacturersGoogle
Yubico
Design firmGoogle
IntroducedOctober 15, 2019
CostUS$25 - US$35
ColorWhite

The Titan Security Key is a FIDO-compliant security token developed by Google which contains the Titan M cryptoprocessor which is also developed by Google. It was first released on October 15, 2019.[1]

Features

Depending on the features, the key costs $25-$35,[2] but Google has provided them for free to high-risk users.[3] It is considered a more secure form of multi-factor authentication to log in to first-party and third-party services and to enroll in Google's advanced protection program. In 2021, Google removed the Bluetooth model due to concerns about its security and reliability.[2]

In November 2023, Google announced a model with passkey support.[4]

Vulnerabilities

The Bluetooth "T1" and "T2" models initially had a security bug that allowed anyone within 30 feet to make a clone of the key.[5] The security firm NinjaLab has been able to extract the key using a side channel attack.[6] In 2019, Google has put a bug bounty up to US$1.5 million on the Titan chip.[7]

Newer versions and model numbers include:[8]

1. USB-A/NFC (K9T)

2. Bluetooth/NFC/USB (K13T)

3. USB-C/NFC (YT1)

4. USB-C/NFC supporting U2F and FIDO2 (K40T)

While none of these included publicly disclosed security vulnerabilities, Google has discontinued selling Bluetooth versions of the keys in August 2021,[9] although Bluetooth keys continue to work with their warranties honored.[10]

References

  1. "USB-C Titan Security Keys - available tomorrow in the US". Google Online Security Blog. Retrieved 2022-02-03.
  2. 1 2 Clark, Mitchell (2021-08-09). "Google's new Titan security key lineup won't make you choose between USB-C and NFC". The Verge. Retrieved 2022-02-04.
  3. Page, Carly (2021-10-08). "Google to give security keys to 'high risk' users targeted by government hackers". TechCrunch. Retrieved 2021-10-09.
  4. Newman, Lily Hay. "Google's New Titan Security Key Adds Another Piece to the Password-Killing Puzzle". Wired. ISSN 1059-1028. Retrieved 2023-11-15.
  5. Khalid, Amrita (2019-05-15). "Google recalls some Titan security keys after finding Bluetooth vulnerability". Engadget. Retrieved 2022-02-03.
  6. Goodin, Dan (2021-01-08). "Hackers can clone Google Titan 2FA keys using a side channel in NXP chips". Ars Technica. Retrieved 2021-10-09.
  7. Porter, Jon (2019-11-21). "Google really wants you to hack the Pixel's Titan M security chip". The Verge. Retrieved 2021-10-09.
  8. "Safety & Warranty Guides for Google Titan Security Key (Prior Versions)". Google Support. Google. Retrieved 31 December 2022.
  9. Brand, Christiaan. "Simplifying Titan Security Key options for our users". Google Online Security Blog. Google. Retrieved 31 December 2022.
  10. Kovacs, Eduard. "Google Discontinuing Bluetooth Titan Security Key". securityweek.com. Security Week. Retrieved 31 December 2022.
This article is issued from Wikipedia. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.