Authentication via passwords has long been deemed insecure and exasperating. Despite its drawbacks, it remains a ubiquitous method after decades of digital prevalence. However, the global tech industry has been actively advocating for a more straightforward and secure alternative known as passkeys. In line with its commitment to promoting innovative login technologies, Google has unveiled a new iteration of its Titan hardware authentication keys, designed to store passkeys directly on the device.
For the majority of users on various accounts, passkeys are typically managed through smartphones or laptops. Yet, for those seeking alternatives—whether due to a preference for standalone keys or a desire for heightened security through separation—storing passkeys on a hardware token emerges as a valuable choice. The recently launched Titan keys are already available and have the capacity to store over 250 unique passkeys, replacing Google’s existing USB-A and USB-C Titan devices.
In a blog post released today, Google expressed its enthusiasm for the potential of passkeys while acknowledging that there’s no one-size-fits-all security solution. Recognizing the diverse security preferences of users, Google states, “Some people require a solution not dependent on smartphones or use devices that don’t support passkeys—everyone has different approaches to security, but we all share one goal: stop attacks. That’s why we intentionally designed the latest Titan Security Keys to encompass the secure cryptography of passkeys on a portable piece of hardware.”
As part of the passkey setup for a Google account on a Titan device, users will be prompted to create a PIN code, which they’ll enter along with the security key during the login process.
In an additional announcement made at the Aspen Cyber Summit in New York City, Google revealed plans to distribute 100,000 of the new Titan keys to high-risk individuals globally by 2024. This initiative falls under Google’s Advanced Protection Program, which extends enhanced account monitoring and threat protection to vulnerable users. Notably, Google has distributed Titan keys through this program previously, citing the increasing threat of phishing attacks and upcoming global elections as reasons to further expand the adoption of secure authentication methods like passkeys.
While hardware authentication tokens offer unique protective advantages as standalone devices, it is crucial to ensure their rigorous security to prevent introducing new vulnerabilities. Like any product, they may still have potential weaknesses. In 2019, for instance, Google recalled and replaced its Titan BLE-branded security key due to a flaw in its Bluetooth implementation.
Regarding the latest Titan generation, Google has informed WIRED that, following its standard protocol for all products, it conducted an extensive internal security review and enlisted the services of two external auditors—NCC Group and Ninja Labs—to perform independent assessments of the new key.
Google’s Latest Titan Security Key Introduces an Additional Layer to Revolutionize Password Security
Authentication via passwords has long been deemed insecure and exasperating. Despite its drawbacks, it remains a ubiquitous method after decades of digital prevalence. However, the global tech industry has been actively advocating for a more straightforward and secure alternative known as passkeys. In line with its commitment to promoting innovative login technologies, Google has unveiled a new iteration of its Titan hardware authentication keys, designed to store passkeys directly on the device.
For the majority of users on various accounts, passkeys are typically managed through smartphones or laptops. Yet, for those seeking alternatives—whether due to a preference for standalone keys or a desire for heightened security through separation—storing passkeys on a hardware token emerges as a valuable choice. The recently launched Titan keys are already available and have the capacity to store over 250 unique passkeys, replacing Google’s existing USB-A and USB-C Titan devices.
In a blog post released today, Google expressed its enthusiasm for the potential of passkeys while acknowledging that there’s no one-size-fits-all security solution. Recognizing the diverse security preferences of users, Google states, “Some people require a solution not dependent on smartphones or use devices that don’t support passkeys—everyone has different approaches to security, but we all share one goal: stop attacks. That’s why we intentionally designed the latest Titan Security Keys to encompass the secure cryptography of passkeys on a portable piece of hardware.”
As part of the passkey setup for a Google account on a Titan device, users will be prompted to create a PIN code, which they’ll enter along with the security key during the login process.
In an additional announcement made at the Aspen Cyber Summit in New York City, Google revealed plans to distribute 100,000 of the new Titan keys to high-risk individuals globally by 2024. This initiative falls under Google’s Advanced Protection Program, which extends enhanced account monitoring and threat protection to vulnerable users. Notably, Google has distributed Titan keys through this program previously, citing the increasing threat of phishing attacks and upcoming global elections as reasons to further expand the adoption of secure authentication methods like passkeys.
While hardware authentication tokens offer unique protective advantages as standalone devices, it is crucial to ensure their rigorous security to prevent introducing new vulnerabilities. Like any product, they may still have potential weaknesses. In 2019, for instance, Google recalled and replaced its Titan BLE-branded security key due to a flaw in its Bluetooth implementation.
Regarding the latest Titan generation, Google has informed WIRED that, following its standard protocol for all products, it conducted an extensive internal security review and enlisted the services of two external auditors—NCC Group and Ninja Labs—to perform independent assessments of the new key.
Archives
Categories
Archives
Rust 1.84 Unveils Enhanced Strict Provenance APIs
January 16, 2025Google Introduces Jules: A New Contender in the AI Coding Assistant Space
December 29, 2024Categories
Meta