Google's Security Key Can Now Work With USB-C

Google has just introduced a new method to help users secure their online accounts, but this measure calls for a USB-C port on your computer or laptop. The device is a USB-C Titan Security Key, a product of Yubico. It can work with macOS, Android, Windows, and Chrome.

Titan Security Keys are Google’s 2FA (two-factor authentication), which is made to identify a person when they sign in an online account, making it harder for hackers to take over. Google has already offered two other models that can work via Bluetooth and NFC.

Users of iPhones or iPads may want to take a look at the YubiKey 5Ci equipped with Lighting cable.

No Bluetooth Support

The new security key does not support Bluetooth so there is no way you can sign in without actually plug it in the device.

The reason for this is Bluetooth-compatible keys have suffered from remote hijack attempts of hackers. The issue was so severe that Google has to replace them for free for users who have bought the keys.

Yubico has long opposed the idea of a Bluetooth device stating that such keys did not meet their standards of durability and security.

Passwordless Authentication On The Rise

This new security key makes use of the FIDO standard, the creation of both Yubico and Google back in 2012, as another layer of protection. When you first register the key online, it will make a pair of private key-public key by leveraging asymmetric encryption.

In the authentication process, with either biometrics or PIN, you can be identified by sending a message encrypted by the private key to the online service, which in turn, will decrypt it using the public key generated earlier.

The mechanism offers a better way for people to sign in safely to their accounts online, yet these security keys developed by Microsoft and Google have not seen a general adoption. It comes as no surprise that these companies are looking to integrate this feature into the operating systems themselves expecting that users will opt for more secure measures.

According to Jim Ducharme, RAS's VP of Identity Products, the FIDO standards may bring about a world where passwords are no longer needed. However, time is needed before the they can be integrated into browsers, apps, and devices before we can hope for the day IT departments in organizations will support it.

Identity As A Service

Google is not the only company that is increasing its investment in IDaaS (short for identity as a service). We are currently having Facebook, Apple, Twitter, and Microsoft, and even some cellular carriers. Ducharme said that identity was now one of the most serious issues. It was the security postures' weakest link.

This is why organizations are considering using a solution of authentication that can study devices, user access, behavior, and application to make sure that users are who they claim to be.

However, FIDO standards are far from being an ideal solution for businesses to go passwordless, because it calls for the latest devices, software, infrastructures, and browsers in order to work. We are still working toward a passwordless world. With Face ID and Touch ID, we have reached a milestone in seeing that future happens. Now what we have to do is to find a way to help users authenticate on devices that do not have FIDO capabilities and biometrics.

Interested users can buy the USB-C Titan Security Key of Google on the Google Store starting today.