This $50 Titan Security Key from Google secures your online accountsMade in China?
For those unaware, Google’s Titan Security Key is a physical device that is built on the FIDO (Fast Identity Online) specification. This device can be used to add an extra layer of security to protect data on the sites and services against phishing attacks. Just like other security keys, it can be used over Bluetooth or USB. The Titan Security Key can not only be used to secure the host of services offered by Google, but also with other non-Google services. According to Google, the production process of the Titan Security Key makes it more resilient to supply chain attacks. “This firmware is sealed permanently into a secure element hardware chip at production time in the chip production factory,” Cloud product manager Christian Braand said in a post. “The secure element hardware chip that we use is designed to resist physical attacks aimed at extracting firmware and secret key material.” In 2017, Google had started giving out physical security keys to all 85,000 employees to login accounts. Following this implementation, no employee has experienced any account hacks and phishing attacks since then. With the use of physical security keys, Google has removed the need for its employees to remember passwords or use one-time access codes. For those unaware, Physical Security Keys are simple USB-based devices that work as an alternate approach to the now universal two-factor authentication (2FA). They work on an open-authentication standard known as ‘Universal 2nd Factor (U2F)’ that removes the need to remember multiple passwords for various sites. The $50 kit comes with a USB key, a Bluetooth Low Energy key, and an adapter for devices with USB Type-C ports. You can enable security keys in your Google account from the two-step verification page.
Made in China?
While Google’s Titan Security Key is certainly an interesting device to keep users’ online accounts safe from phishing attacks, the search giant has however come under fire for manufacturing the key in China in partnership with manufacturer Feitian, according to a report from CNBC. The product is labeled as “Produced in China,” indicating that the security key is manufactured there. Adam Meyers, a security expert at the security firm CloudStrike, is of the opinion that producing security keys overseas will make Google vulnerable not only to infiltration by hackers but also by the Chinese government during the assembly process. However, Google said that the hardware that provides the keys’ security is sealed before it heads to the manufacturer to guard against supply chain attacks. The company declined to comment further.