Published: Fri, July 27, 2018
Technology | By Russell Knight

Google to Sell Titan Security Key to Fight Phishing Attacks

Google to Sell Titan Security Key to Fight Phishing Attacks

That's where Google's latest product idea comes in: a hardware-based security key.

Google has deployed the US$20 YubiKey Security key. Google has a lot of sensitive user data, so it's very encouraging to know its employees aren't getting phished. Google has been using physical security keys internally for months, with none of its employees experiencing phishing attacks after the firm moved to use security keys for the past year. How Google has managed to keep its employees safe?

The larger model appears to have a USB-C port for charging and Bluetooth Low Energy support as well and the other uses a standard USB port and connects to laptop computers. No special drivers or software are needed.

Turkey places jailed USA cleric under house arrest
Pence highlighted cases of religious repression in Nicaragua, Iran, China and Myanmar. Gulen, who denies orchestrating the coup attempt, lives in Pennsylvania.

Google plans to release the Titan Key this year as a security solution for general users. The company apparently loves physical security keys so much that it will soon start selling its own. Duo Security [full disclosure: an advertiser on this site] also can be set up to work with U2F.

Security keys follow the Universal 2nd Factor (U2F) standard, which hasn't yet been super widely adopted across the internet. While SMS-based two-factor authentication is definitely better than just securing your account with a password and hoping for the best, that method does have its vulnerabilites. It's also supported by browsers including Firefox, Chrome, and Opera. Trying to hack someone with this security setup isn't easy, but it can still be done. Apple has not announced a date for the roll-out of U2F on Safari. Google has went a step ahead to provide provide physical USB security keys.

The Titan is a physical security key that adds a layer of authentication to an account - one that a digital authenticator can't match.

House Republicans Move to Impeach Deputy Attorney General
At a Congressional hearing last month, Rosenstein responded to charges by Jordan that he was "hiding information from Congress". The move comes after a tense, monthslong tug of war over the Justice Department's production of documents and information.

If a site you frequent does not yet support WebAuthn, please consider hardening your login with another form of 2FA. These are used in place of passwords and one-time codes, such as those created by tools such as Google Authenticator, which Google's workforce of more than 85,000 staff were required to use before.

According to Google, a common phishing attempt is to put up a fake website that pretends to be a Google service (such as Gmail) asking for a two-factor authentication code. Exactly how Google's Advanced Protection works (and the trade-offs involved in turning it on) will likely be the subject of another story here, but Wired.com recently published a decent rundown about it.

This doesn't rule out the possibility that phishing attackers have been able to steal employee credentials, simply that they haven't been able to overcome the extra layer provided by token security to take control of an account.

Longest Blood Red Moon Witnessed Friday for Two Hours
Earth's shadow moves over the moon, blocking the sunlight that ordinarily reflects off its surface and giving it a reddish glow. An eclipse occurs when the Earth comes between the moon and the sun, causing the Earth's shadow to cover the moon.

Like this: