Google today announced its own hardware-based security key dubbed “Titan Keys” at Google’s Cloud Next Conference. The new Titan Keys comes with two-factor authentication (2FA) which is thought to combat the most prevalent form of online account hijacking. With 2FA, the users now need to prove their physical identity to confirm that they are legitimate. In this case, the user may need to authenticate via fingerprint and their likes. Earlier, without 2FA authentication attackers used to guess or steal the password and used it to gain access to the user’s accounts.
Google has been internally testing the device on its 85,000 users since 2017. Last week, it announced it has been able to stop the attackers from gaining access to all its user accounts. Now Google plans to translate the same success to all the users. The new Titan keys will be available in two versions, a USB version and the Bluetooth version. A USB version can be directly attached to the laptop or computer. The Bluetooth one has to be paired with a device before it can be used; it is mainly targeted at mobile users. Both the versions have met the Fast Identity authentication standard (FIDO) that makes them compatible with other sites that Google own.
Up to now, everything seems done and dusted. But the real challenge lies in the adoption ‘of the physical keys by the users. It was revealed in a study carried out by John Hopkins University and the University of Maryland in 2016. Out of 500 users, a paltry number of one in four seem to adopt the 2FA authentication on all devices. About 45% of the users employed the 2FA authentication in some services only. While 68% of the users have only used the 2FA authentication, as they had no choice. This indicates that users need to attribute a bit more responsibility for their security.