If you have a new phone or laptop with a USB-C port, Google now has a security key to match. The USB-C Titan Security Key, manufactured by Yubico, is compatible with Android, Chrome OS, macOS, and Windows devices. Google’s latest take on a Fast Identity Online (FIDO) key will hit the Google Store in the U.S. on October 15 for $40.
Google introduced the Titan Security Key at Cloud Next in August 2018. The $50 bundle comes with a USB-A/NFC key, a Bluetooth/NFC/USB key, and an adapter for devices with USB Type-C ports. Google is now splitting the bundle and making the keys available individually:
- USB-A/NFC — $25
- USB-A/NFC/Bluetooth — $35
- USB-C — $40
Security keys play an important role in two-factor authentication (2FA) when securing online accounts against phishing — one of the most common causes of data breaches. 2FA is a method of confirming a user’s identity by using a combination of two different factors: something they know (password), something they have (security key), or something they are (fingerprint).
In April, Google built this capability into Android phones, but only when logging into Google accounts. Titan Security Keys work with any site where FIDO security keys are supported for 2FA, including 1Password, Coinbase, Dropbox, Facebook, GitHub, Salesforce, Stripe, Twitter, and more. “Since we recommend two security keys in case one is lost, users can now purchase one individual key and use Android’s built-in security key as the second key,” a Google spokesperson told VentureBeat.
Partners Feitian and Yubico
Google declined to comment on whether it will ever manufacture any Titan security keys itself. Google’s USB-A/NFC and Bluetooth/NFC/USB Titan Security Key models are manufactured by Feitian. This time, Google chose Yubico to manufacture the USB-C Titan Security Key. Google and Yubico have been partnered since 2012, when they worked on the FIDO Universal 2nd Factor (U2F) standard.
All Titan Security Keys are built with a hardware secure element chip that includes firmware engineered by Google to verify the key’s integrity. Google says it uses this same security technology to protect access to its internal applications and systems.