Hands On With the Google Titan Security Key

[Guest]

Google's two-factor authentication Titan Security hit Google Store today. We tried it out for ourselves.

Hands On With the Google Titan Security Key : Read more

 

[Gurg]

Has Google given a work around to the Chinese government already?

 

[mikewinddale]

Thanks for this review. I've been using a YubiKey for a few months now, but it's nice to see there's an alternative - in case I ever need one. I have the YubiKey with NFC, and I've been able to use it on my Android.

One huge problem I see with *all* these keys is that many sites have "Don't ask again on this computer" checked by default (see the Google screenshot). This means that if you're using a public computer, you have to remember to uncheck the box. If you use public computers a lot - say, you're a college student who uses the library - then this means a lot of opportunities to forget to uncheck the box. But the moment you forget to uncheck the box once, you've just lost all the extra security benefits. Now someone only needs your password and nothing else (on that specific computer, of course).

I wish websites would uncheck that box by default. That way, when you use a public computer and forget to look at the box, you haven't compromised your security. On your own personal computers, you'll have to remember to check the box, but once you check it, you're good to go. So it's hardly less convenient, but far more security. It astounds me that few if any websites have realized that unchecking the "remember me" box would offer greater security without almost zero cost.

 

[gggplaya]

That usb key is way too big for a laptop. It will be adopted by people with sensitive data on their pc's, but for mass adoption the key needs to be the same size as a nano mouse dongle. Most people are fine leaving it on their computers all the time. Losing their computers or having them stolen is not their main concern. They just don't want some hacker in russia to log into their accounts.

 

[bloodroses]

Has Google given a work around to the Chinese government already?

Only Apple does that kind of stuff.

Google backed out of China in 2006 due to not agreeing to China's rules. By the time they tried to re-enter, China already made their own, or use open source (Android), software. It is not Google supported though. You can't even get the Google Play Store to work out there. Here is an interesting article talking about issues between Google/China (and is recent).

http://www.forbes.com/sites/cognitiveworld/2018/08/30/why-china-is-a-no-go-land-for-google

 

[mikeebb]

So if I have this straight: this is like a Yubikey, but only really works for social apps and Google stuff? I have Windows (with Bitlocker disk encryption) and Linux computers, a Windows phone, no social network or app accounts other than LinkedIn (rarely used), and use mostly free and/or open source applications on the computers. Sounds like I'll be getting a Yubikey, which seems to be more generically acceptable, rather than this one, and relying on whatever my employer distributes (eventually) for the work computer.

 

[Olle P]

Seems like it only offers (some) protection against third parties hi-jacking one's social media account. Should be useful for those that are high profile and have many followers (and haters).

It seems to not offer protection against access to the stored data. Neither from Google admins nor from government agencies or anybody else with access to the servers. Since the key is registered one must assume that Google has the ability to easily circumvent it on demand.

 

[humorific]

Has Google given a work around to the Chinese government already?

It's manufactured in China so that part is already taken care of.

 

[phdstudent]

Does the Google key work with password managers, such as Dashlane?

 

[popatim]

What do you do when you key breaks or stops working?

 

[odaniel9]

Has anyone been able to get a Bluetooth Titan key to handle the second step of verification via Bluetooth on a PC? My key registered and paired correctly but only does the verification via USB. Has anyone else had any success doing the verification via Bluetooth on a PC?

 

[wallace.wj]

If only MS would let me use my TPM as a virtual smart card under Win 10, as I could under Win 8.1. Then it would be easier to issue digital certificates, including those issued by many governments for filing taxes and so on. Add local biometrics, and both machine and user are certified as genuine. The new keyboard from MS with a fingerprint reader might be just the thing for that. C'mon, Redmond, put Humpty Dumpty back together, and we'll all be better off.

 

[ron baker]

oNE YEAR LIMITED warranty ..LOL . I was about to ask what the refund policy was after it gets hacked .. but now I see that its a one year deal ..to be thrown away and rebought with stronger encryption every year or so . Also, not every PC has bluetooth