Google wants you to use physical security keys so badly that it is willing to sell you a



[ad_1]

Google really wants you to use physical security keys to protect yourself from hackers. After announcing that its 85,000 employees have managed to stay more than a year without getting phished because of the mandatory security features, Google now has its own physical security key to sell you.

Today, the company has announced its new Titan security key, a device that protects your accounts by limiting two-factor authentication to the physical world.

It is available in a USB key and in a Bluetooth variant, and like the similar products of Yubico and Feitian, it uses the protocol approved by the FIDO alliance. This means that it will be compatible with virtually all services allowing users to enable U2F authentication (Universal 2nd Factor Authentication).

At this point, everyone should be familiar with basic two-factor authentication that adds an extra layer of security in addition to the standard password. You can request a text message or use an authentication application to generate a code that must also be entered to access your account.

This helps to mitigate the risks of handling your password. But the technique can still be bypassed by a hacker .

U2F goes further by requiring that a USB device inserted into your computer or an NFC device be near your device. Google is also spearheading the use of Bluetooth (BLE) for its U2F.

Bluetooth apart, however, it is unclear exactly what differentiates Google's product from its competitors.

In an email to Gizmodo the company said: "Titan Security Key gives you even more peace of mind that your accounts are protected, with Google's assurance of Integrity of the physical key. 19659002] So it seems that Google is simply betting on brand recognition – and it is true that you do not want to buy this type of gear from an unknown source.

Yubico pioneered this technology. the manufacture of U2F devices as well as the refinement of its protocols. His professional clients include major companies such as Facebook. Google has also been a Yubico customer and both companies have worked together on the development of FIDO standards over the years.

Following the announcement of the Titan key, Stina Ehrensvard, CEO of Yubico, wrote a slightly critical article with respect to Google. new product.

Ehrensvard insisted that everyone in Yubico "is a true supporter of open standards" and all new competitors on the ground are welcome. But she chose a few points that users will keep in mind if they are trying to decide if they want to go with Titan.

From his post:

Yubico firmly believes that our customers have security and privacy advantages by manufacturing and programming our products in the USA and Sweden.

Google offers a Bluetooth Key (BLE). While Yubico has already initiated the development of a BLE security key, and contributed to the standardization work of BLE U2F, we decided not to launch the product because it does not meet our security standards, Usability and durability. BLE does not provide NFC and USB security assurance levels, and requires stacks and pairing that offer a poor user experience.

When we asked Google if she wanted to address the concerns raised by Ehrensvard, a spokesman declined. His point about the country in which Titan is made is a bit confusing. It seems like she's trying to say that Google's device is manufactured in a country that could leave it open to compromise. When we asked Yubico what it meant and where Titan was produced, a spokesman referred us to Google.

Yubico spokesman pointed out to us a recent warning from the US computer emergency response team. allow an attacker to access your data. Yubico says he's focusing on Near Field Communication (NFC) instead of Bluetooth and that he plans to announce soon another secure and user-friendly solution for iOS.

Speaking of user-friendly solutions, U2F, in general, is a little pain in the ass. CNET had a hands-on preview of the Titan key and found himself stuck in their accounts when they forgot the device at the office. They recommend setting up a backup check with Google who sends a notification to put you back into your accounts on a trusted device.

But I'm sure most people will remember the keys to their house or car, and that could become second nature after a while.

Regarding why Google is doing this right now, it makes sense that it is sincerely trying to incorporate this kind of second nature into the public. Yubico is making a lot of money, but not the kind of money that feeds Google.

Titan seems to be mostly about public awareness and brand building around security. Earlier this year, Google lamented that only 10% of Gmail users have turned on two-factor authentication. Encouraging users to enter security keys expands the Overton window to what people are willing to tolerate as an inconvenience.

Google Cloud customers can already order Titan keys through their Google representative, and the company says they'll be available soon for $ 20 US ($ 27) to $ 25 US ($ 34), which is a fairly standard price. If you do not want to wait, Yubico and Feitian have respected the keys that are ready to be shipped now.

[Google, CNET]

[ad_2]
Source link