Recently, Google announced they would be distributing one of their newest security products, dubbed Titan, to Canada, Japan, France, and the UK in a big global move. In the wake of the announcement, some wonder what is Google Titan? Let’s explore the product together.
What is Google Titan?
Google Titan is a hardware security key that can be used for two-factor authentication (2FA). They are designed to work with a number of browsers, and are compatible with Google’s Advanced Protection Program. Google describes these USB/Bluetooth keys as a “phishing resistant” solution that works with services supporting FIDO (Fast IDentity Online) standards.
In practice, they are very similar to other options available, Yubikey being one of the more prominent examples. Titan, of course, is more tailored towards uses with Google’s Cloud Identity. It can also be leveraged to authenticate to a number of third-party web applications as well.
Problems with Titan
In an era where identity security is paramount, using 2FA security keys like Titan is an excellent way to prevent attacks. In fact, according to Google’s own report on 2FA basics, security keys prevent 100% of account takeovers. Like with many of Google’s solutions, the tech giant has gone through certain lengths to promote the security uses for the Titan product.
A major drawback of Titan, however, is that unlike Google Authenticator, a free application that generates time-based one-time passwords (TOTP) for 2FA, people need to buy Titan to use it. Google Authenticator and other prompted device-based 2FA methods also fared well in Google’s 2FA basics report. Beyond that, they need to learn how to integrate and use them with their web apps as well as protect the physical key from theft.
Additionally, like we said earlier, these keys are limited only to browser-based resources. This means that systems, networks, and on-prem apps are left out, requiring another service inorder to implement 2FA across them. IT admins need their 2FA/multi-factor authentication (MFA) tooling to be able to be spread across most, if not all of these resources.