Google’s Titan Security Key is a Must-have for all High-priority Accounts in any Organisation

Google has recently announced that it will be launching its own security key called the Titan Security Key. It will come in both USB and Bluetooth versions and will be available by the end of the summer in Google's online store.

Google has planned to launch Titan security key after it was proven that Yubico's Yubikey had protected all 85,000 of Google employees from every single phishing attack since early 2017,  

Physical security key
What is a physical security key? How is it different from other forms of multi-factor authentication like OTP and Security Questions? How can it prevent phishing?

Multi-factor authentication provides an extra layer of security by using more than one method of authorizing and authenticating a user. In simpler words, in order to log in to an account, users will not only need their passwords but another (or more) token to login. Common examples are One Time Passwords and Security Questions.

In the case of a Physical Security Key, this second factor is actually stored inside a physical device hence if a user wants to log in, not only he/she enters the password, the physical key must also be connected to the device being used to log in. Only if both (password and security key) of them is present (and correct), the users get logged in.

These keys come in many forms like a USB stick or a Bluetooth fob that the users have to connect to their device when they try logging in. Besides this,  Security keys would also be able to warn you if you were visiting a phishing website.

How these prevent phishing is just like any other multi-factor authentication, i.e., even if an attacker manages to guess/gain the password via phishing or brute-forcing, he won’t be able to login to the account just by using the password and in the case of a physical key, obtaining both the factors would be extremely difficult for a malicious actor.

Ankush Johar, director at Infosec Ventures, said: "Physical security authentication is one of the most potent ways to stop phishing attacks. Not the most convenient or user-friendly, but inevitable if security of an email account is critical. This is a ‘must have’ for all ‘high value’, ‘high priority’ users in any large organisation, the security of whose accounts is crucial to the security of the organisation.

"Humans are the weakest link in cybersecurity and this is an important method of ensuring protection."

Farrhad Acidwalla, media entrepreneur and founder of CYBERNETIV, added: "When a behemoth the size of Google makes a pledge, it translates to a global wake-up call. Consumer and enterprise safeguards haven't proportionately compared with the number of phishing attacks by malicious entities.

"The world's favourite search engine giant has committed to preventing phishing attacks with a tool that was previously used internally by its employees resulting in no successful phishing attacks within. Google has now launched its own version of the technology, currently only for Google Cloud subscribers, and is calling it Titan Security Key.

"Google's influence and reach will trebuchet security awareness and consciousness especially relating to phishing amongst enterprises and consumers on scale. SMS codes and similar methods which are the current standard are not enough to stop a motivated hacker, thus the keys do not rely on single-use codes and dramatically eliminate the likelihood of an attacker guessing the code. The technology also reduces the probability of success of the extensively adopted MITM attack (man-in-the-middle)."

Google plans to release the Titan Key on the Play Store, however, for consumers and enterprises who value their security and would like to act on this right away, they could also use alternate security keys from other reliable manufacturers.