Is Titan the KEY to Your Security?
Recently I wrote an article about the importance of using two-factor authentication (2FA), with a caveat that there is a serious flaw in the way most people use it. Today you'll learn about a gadget called the Titan Key that makes 2FA (and your online accounts) virtually hacker-proof. Read on...
Hardware Keys for Two-Factor Authentication
Two-factor authentication (2FA) is the current best practice when it comes to securing your online accounts. With so many massive data breaches being reported, it's unlikely that your username and password are known only to you. That's why you need something in addition, to prevent unauthorized access to your email, e-commerce, online banking, and other accounts.
But in order for 2FA to protect your account, you have to get the details right. Last week, in my article "When 2FA Goes Bad," I described how one popular online service got hacked because it was using SMS (text messaging) to implement its two-factor logins.
In a two-factor authentication system, you need more than just your username and password to gain access to an account. In addition to those login credentials, you need another "factor," which can be something only you are (e.g., your fingerprint), something only you know (e.g., the street on which you grew up), or something only you have (e.g., a smartphone).
It is immediately apparent that things you know are not necessarily things that ONLY you can know. A personal physical trait such as a fingerprint can be replicated well enough to fool an authentication system if it can be observed by a stranger. The best 2FA type is probably a physical object that only you have.
Such objects are called “hardware keys.” They are designed to be nondescript on the outside and uniquely complex on the inside. A ring, a keychain fob, and a USB thumb drive all make good form factors for a hardware key. Inside, encrypted, lies a digital code that cannot be divined by observation from a distance. Plug the key into a matching device on a phone, PC, or door lock and the two things shake hands, the code is decrypted, and the user is authenticated.
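The handshake described above can be modeled as a challenge-response exchange: the site sends a fresh random challenge, and the key answers with a value computed from a secret that never leaves it. The following is an added example, not code from the original article or from Google. It assumes an HMAC stand-in for the public-key signatures that FIDO U2F keys such as Titan actually use, so that it runs on the Python standard library alone, and every class, function, and URL in it is hypothetical.

```python
import hashlib
import hmac
import secrets

class HardwareKey:
    """Hypothetical token model: the master secret never leaves this object."""

    def __init__(self):
        self._secret = secrets.token_bytes(32)

    def site_key(self, origin):
        # One derived key per site, so a credential for one site is useless at another.
        return hmac.new(self._secret, origin.encode(), hashlib.sha256).digest()

    def respond(self, origin, challenge):
        # The browser supplies the origin it is actually connected to.
        return hmac.new(self.site_key(origin), challenge, hashlib.sha256).digest()

class Server:
    def __init__(self, origin):
        self.origin = origin
        self._pending = set()

    def enroll(self, key):
        # Assumption: HMAC stand-in. A real U2F server stores only a public key.
        self._site_key = key.site_key(self.origin)

    def new_challenge(self):
        challenge = secrets.token_bytes(16)
        self._pending.add(challenge)
        return challenge

    def verify(self, challenge, response):
        if challenge not in self._pending:
            return False  # unknown or already-used challenge
        self._pending.discard(challenge)  # each challenge is single use
        expected = hmac.new(self._site_key, challenge, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)

def demo():
    key, bank = HardwareKey(), Server("https://bank.example")
    bank.enroll(key)
    c1 = bank.new_challenge()
    r1 = key.respond("https://bank.example", c1)
    first = bank.verify(c1, r1)  # fresh challenge, correct site
    again = bank.verify(c1, r1)  # same response presented a second time
    c2 = bank.new_challenge()
    other = bank.verify(c2, key.respond("https://bank-login.example", c2))
    return first, again, other
```

Unlike an SMS code, a response is only valid for one challenge and one site name, so `demo()` accepts the first login and rejects both the repeated response and the one computed for a different origin.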
Is Google's Titan Key the Answer?
Google would like everyone to use hardware keys. That’s rather ambitious given that only 10% of Gmail users have added any form of 2FA to their accounts. But the company has shown that hardware keys make security about as tight as it can be.
Google recently reported that none of its 85,000-plus employees’ accounts was compromised in 2017, and credits much of that remarkable success to its in-house deployment of a hardware key system dubbed the Titan Key.
A Titan key can be plugged into a USB port or communicate wirelessly over short-range Bluetooth radio frequencies. The Bluetooth option is likely to be more popular because it does not require any more daily effort than attaching the key to one’s person, once a day.
Titan keys probably won’t be embedded in smartphones because phones are not “nondescript” and tens of millions are lost or dropped into toilets each year. Titan keys embedded in wallets are one possibility, but wallets are targets for thieves. Google plans to offer Titan keys in its Play Store this year. With the marketing power of Google behind it, hardware key tech just may stand a chance against human inertia.
Google’s hardware key is not the first of its kind. Yubico has been making hardware keys since 2007. The open-source project, NitroKey, has been around since 2008. And at least one attempt at a fashion ring that contains hardware key circuitry is available. But Google’s market power and credibility may help its Titan key overcome human inertia.
Most people don’t deal with highly sensitive data, or at least they think their personal data isn’t highly sensitive. So it will be tough to convince them to put up with the slightest inconvenience in exchange for a significant improvement in online security.
Would you use a hardware key? Do you know anyone who should? Your thoughts on this topic are welcome.
This article was posted by Bob Rankin on 6 Aug 2018
Copyright © 2005 - Bob Rankin - All Rights Reserved
Article information: AskBobRankin -- Is Titan the KEY to Your Security? (Posted: 6 Aug 2018)