
Google’s in-house security key is now available to anyone who wants one

Google’s Titan Security Key is finally available to anyone who wants one. The two-factor token went live today in the Google store, with a full kit available for $50, shipping immediately. The kits include a USB key, a Bluetooth key, and various connectors. The key has been available to Google Cloud customers since July, when the project was first publicly announced.

Built to the FIDO standard, the Titan keys work as a second factor for a number of services, including Facebook, Dropbox, and GitHub. Not surprisingly, though, they’re built with Google account logins in mind, particularly the Advanced Protection Program announced in October. Because the keys verify themselves with a complex handshake rather than a static code, they’re far more resistant to phishing attacks than a conventional confirmation code. The key was initially designed for internal Google use, and has been in active use within the company for more than eight months.

According to Google, the production process also makes the keys more resistant to supply chain attacks. “This firmware is sealed permanently into a secure element hardware chip at production time in the chip production factory,” Cloud product manager Christiaan Brand said in a post today. “The secure element hardware chip that we use is designed to resist physical attacks aimed at extracting firmware and secret key material.”

You can enable security keys in your Google account from the two-step verification page, or sign up for the Advanced Protection Program here.



from The Verge - Teches https://ift.tt/2wr8HdM
