Last year, Google released the Titan security key as part of its growing interest in two-factor authentication. The kit comes with a type A USB flash drive and a battery-powered Bluetooth / NFC key. Both of these methods can be configured as 2FA methods with Google Accounts. The last thing you want in your security key is a security hole, but that is precisely what has been discovered.

Google today announced on its security blog that a bug in the Bluetooth key had been discovered, but unless you are a global leader or spy agent, you probably have nothing to fear. The bug allows an attacker physically close to you (within 10 meters) to communicate with the device with which the key is associated, but only if you associate the key or you connect to an account at the same time.

Google recommends that Titan security key owners continue to use keys normally while the company sends free replacements. On a related note, the kit was MIA on the Google Store for several months, but is now back in stock.