Google Titan Security Key now available(store.google.com)
store.google.com
Google Titan Security Key now available
https://store.google.com/us/product/titan_security_key_kit?hl=en-US
143 comments
Given the recent amount of reports of counterfeiting on Amazon (not specifically this product), I'd buy my security keys elsewhere.
That does not make sense in this case.
The key is made by a company called Feitian (Feitian Technologies Co., Ltd), on Amazon. That's the original manufacturer selling directly on Amazon [1]. That's the only one available. Its about as authentic as you can get on Amazon. I'd rather buy it from Gearbest or Banggood but they don't sell this. And Google just sells it rebranded.
Though I won't buy this (I could use the BLE part of it), since for one it doesn't seem to be build strongly (overcome-able but still), it only seems to work with Chrome according to reviews (I use Firefox), and I'm unsure if Bluetooth is secure for this method, nor reliable. NFC should be fine, since its much closer range, and I have a YubiKey NEO but my phone doesn't have NFC, unfortunately.
[1] https://www.amazon.com/Feitian-MultiPass-FIDO-Security-Key/d...
The key is made by a company called Feitian (Feitian Technologies Co., Ltd), on Amazon. That's the original manufacturer selling directly on Amazon [1]. That's the only one available. Its about as authentic as you can get on Amazon. I'd rather buy it from Gearbest or Banggood but they don't sell this. And Google just sells it rebranded.
Though I won't buy this (I could use the BLE part of it), since for one it doesn't seem to be build strongly (overcome-able but still), it only seems to work with Chrome according to reviews (I use Firefox), and I'm unsure if Bluetooth is secure for this method, nor reliable. NFC should be fine, since its much closer range, and I have a YubiKey NEO but my phone doesn't have NFC, unfortunately.
[1] https://www.amazon.com/Feitian-MultiPass-FIDO-Security-Key/d...
The Feitian works just fine with the latest Firefox builds. The bluetooth functionality is great if you have an iPhone.
I assume everything on Amazon is a counterfeit and plan accordingly. Have you heard anything about Walmart? They have free two day shipping and I haven't heard any counterfeit horror stories (yet)
They allow third party sellers so if it's not a problem now it will become one.
Do they also mix inventory geographically?
Doubt it. Third party seller stuff looks to be shipped by that seller. The way it should be.
That's good. Prevents your customers getting fake products if you, as a seller, don't intent to. (Excluding warehousing mistakes, etc).
This way a reputation system is more effective.
This way a reputation system is more effective.
I wouldn't go that far. There is really nothing wrong with offering fulfillment services.
The comingling of products in the binning process isn't good, though.
The comingling of products in the binning process isn't good, though.
"Firmware for Titan Security Keys is engineered by Google, to verify the key’s integrity."
That won't resolve many of the negative reviews of the MultiPass key, since they're complaints over the physical design and usage.
Yes. Sorry I should have made it clear I was addressing the second part of your comment, i.e. a reason to pay $50 for hardware you can get for $42 elsewhere
I suspect these keys will be FIDO2, so even if they look the same, even Feitian might raise up its prices a little bit supporting the new standard. I don't know, just guessing.
Also, in Google's $50 there are also 2 cables usb-a2c and c2a. I guess they decided to go the way of the complete package with all you may need.
Also, in Google's $50 there are also 2 cables usb-a2c and c2a. I guess they decided to go the way of the complete package with all you may need.
BTW, we're working on an open source FIDO2 security key, Solo.
We're having a kickstarter soon, and if you're interested you can join the waiting list at https://solokeys.com/
We're having a kickstarter soon, and if you're interested you can join the waiting list at https://solokeys.com/
I don't think this is true. Titan seems to be an in-house project. Are you basing this assumption on anything but the exterior looks?
(I work at Google).
While I don't know whether or not Feitan manufactures those keys, I believe the answer is that they don't. More importantly though, that article doesn't really provide any detail one way or the other. Advanced Protection works with any FIDO/U2F key. Feitan's keys are valid AP keys. Titan keys are valid AP keys. Yubico keys are valid AP keys.
That a key works with AP doesn't say anything about who made it, and that article just says that you can use Feitan's keys with advanced protection, not that they're Google's key manufacturer. In fact I think that article is from before Google announced the Titan keys, but I'm not 100% on that.
While I don't know whether or not Feitan manufactures those keys, I believe the answer is that they don't. More importantly though, that article doesn't really provide any detail one way or the other. Advanced Protection works with any FIDO/U2F key. Feitan's keys are valid AP keys. Titan keys are valid AP keys. Yubico keys are valid AP keys.
That a key works with AP doesn't say anything about who made it, and that article just says that you can use Feitan's keys with advanced protection, not that they're Google's key manufacturer. In fact I think that article is from before Google announced the Titan keys, but I'm not 100% on that.
Google provided identical Feitan keys for Advanced Protection as recently as a couple of months ago[0]. AP works with any FIDO key, but that isn't what we're discussing, we're discussing that these are re-badged Feitan keys. Which they most likely are.
[0] https://i.imgur.com/5EWh0jx.png
[0] https://i.imgur.com/5EWh0jx.png
Yes, Google used to provide Feitan keys. That doesn't really address whether or not these are Feitan keys. (I'm also not sure what you mean by rebadged).
Rebadging is when you primarily change the branding of a product (and some customizable aspects of it). Sometimes these are white label products whose entire purpose is to be rebadged, other times it’s another companies offering.
I read the doc. Seems to be something like a user guide for the Feitan product published a year ago. Never it mentions the hardware/firmware of Titan keys that Google sells today is theirs. Most security keys from various companies look alike.
Sure most security keys look vaguely similar but these are clearly completely identical physical designs. Why would you think they happened to make an extremely detailed clone of the Feitian hardware rather than simply buying it and flashing their in house firmware?
As a person enrolled in Google's Advanced Protection Program, Google recommended that I use the Feitian Multipass Key upon sign up. I bought a few of those, and it looks exactly like the key in that picture. I'm looking at my Feitian right now, and I can promise you it's the same.
Feitan > Titan
It's only a syllable away.
It's only a syllable away.
$50 seems very expensive. The actual hardware probably does not cost more than $10 and I can't see adoption of FIDO keys becoming widespread unless companies are willing to sell keys at or below cost.
Yubikeys are about the same cost:
https://www.yubico.com/product/yubikey-4-series/
What makes you think that the cost to produce the hardware is less than $10? And what reason would companies have to offer keys below cost?
https://www.yubico.com/product/yubikey-4-series/
What makes you think that the cost to produce the hardware is less than $10? And what reason would companies have to offer keys below cost?
The open-source U2F Zero claims ~$3 of parts and a ~$2 PCB [1] ordering a single unit. Making a large volume, that price is only going to come down.
Admittedly you'd have to pay for a plastic case, assembly costs, an envelope and stamps. But if I can get a 16GB flash drive for $8 with free shipping [2] the plastic case, assembly etc can't be that expensive!
[1] https://github.com/conorpp/u2f-zero [2] https://www.amazon.com/SanDisk-Cruzer-Low-Profile-Drive-SDCZ...
Admittedly you'd have to pay for a plastic case, assembly costs, an envelope and stamps. But if I can get a 16GB flash drive for $8 with free shipping [2] the plastic case, assembly etc can't be that expensive!
[1] https://github.com/conorpp/u2f-zero [2] https://www.amazon.com/SanDisk-Cruzer-Low-Profile-Drive-SDCZ...
Bulk procurement, certification, software all affect cost, of course.
When a flaw was discovered in 4096-bit RSA ley generation, Yubico sent me replacements for all of my registered hardware tokens, no additional cost to me.
Good thing about a standard like U2F is reducing software and certification costs, and sure if you are clear to offer no post-sales support, then you should be able to get legitimate hardware for maybe $10.
When a flaw was discovered in 4096-bit RSA ley generation, Yubico sent me replacements for all of my registered hardware tokens, no additional cost to me.
Good thing about a standard like U2F is reducing software and certification costs, and sure if you are clear to offer no post-sales support, then you should be able to get legitimate hardware for maybe $10.
Oh, absolutely! I was responding to the statement "The actual hardware probably does not cost more than $10" which refers to the hardware specifically. The retail price would be higher than the hardware costs to cover software, support costs, returns, profit, shipping, credit card fees, and so on.
The Yubikey 4 also provide more functionality such as PGP.
This is more like the Yubikey Security Key ($20): https://www.yubico.com/product/security-key-by-yubico/#secur...
This is more like the Yubikey Security Key ($20): https://www.yubico.com/product/security-key-by-yubico/#secur...
If a bluetooth locator tag is only about £3.34 [1], then a tag with an encryption chip should not be 10x the cost. Google has an incentive for their keys to become widespread and well adopted because people will associate their brand with "high security". It also actually helps Google if they don't have to deal with support requests from users who've had their accounts compromised.
[1]http://amzn.eu/d/bMowBkS
[1]http://amzn.eu/d/bMowBkS
You are a web developer. Do you place any value on the cost of developing software?
Yes of course, but the reason I mentioned the hardware cost is because that scales linearly with demand and software cost does not. The market for these kind of security devices is tiny right now but has the potential to be huge in the future. It would make sense for Google to sell their hardware at the lowest price they can in order to get people on board, after which network effects will ensure people stick with Google's services.
When selling hardware, unless you are extraordinarily dominant in a very large and highly competitive market (television manufacturing), care only about marketshare (lower-tier smartphone manufacturers), or have another revenue stream (game console sellers) generally speaking you should target 3x BOM as your final retail price at an absolute minimum.
That's just for hunks of plastic. For complex (not a hunk of injected-molded plastic) devices with high non-BOM costs, you should be targeting 4x-5x at a minimum.
Also, the 3x-5x rule is for bare-bones lean operations. If you actually want to make money, compensate your employees well, practice good environmental stewardship in the construction of your products, use a manufacturer that treats its employees with respect, and have a healthy business where you are prepared to weather future changes in the market, your BOM costs should be LESS THAN 20% of the MSRP.
The model is also different if you are a Shenzhen ripoff factory dumping goods onto the market through Marketplace Sellers or Drop-Shippers. But that is not a model compatible with long-term prosperity or worker satisfaction.
That's just for hunks of plastic. For complex (not a hunk of injected-molded plastic) devices with high non-BOM costs, you should be targeting 4x-5x at a minimum.
Also, the 3x-5x rule is for bare-bones lean operations. If you actually want to make money, compensate your employees well, practice good environmental stewardship in the construction of your products, use a manufacturer that treats its employees with respect, and have a healthy business where you are prepared to weather future changes in the market, your BOM costs should be LESS THAN 20% of the MSRP.
The model is also different if you are a Shenzhen ripoff factory dumping goods onto the market through Marketplace Sellers or Drop-Shippers. But that is not a model compatible with long-term prosperity or worker satisfaction.
the secure element alone is $5 at million quantity
1. why not going from usb-c to usb A with adapter than the other way round (this laptop photo looks so ugly with the usb-c->usb A adapter).
2. this link does not work outside US
2. this link does not work outside US
Can't see the page, but that there is not a USB C variant is bonkers. All Google engineers I know use mac devices.
Most of the Google engineers I know use Chromebooks and Linux laptops. Most Chromebooks also only have USB C.
I use a Mac at work. It has 0 USB Type C ports.
The only computer I own that has a USB Type C port is my homebuilt desktop, and it's on the back, and I don't think the Windows driver actually works.
The only computer I own that has a USB Type C port is my homebuilt desktop, and it's on the back, and I don't think the Windows driver actually works.
I'm not suggesting they should only produce a USB C variant, I'm suggesting that they produce a USB C variant.
You should know that Apple moved to USB-C only for its Macbook line years ago.
>why not going from usb-c to usb A with adapter than the other way round
To my knowledge there are no such adapters that are compliant with the USB spec.
To my knowledge there are no such adapters that are compliant with the USB spec.
interesting, first time I hear that. There are definitely such adapters available on the market. So they are all violating the spec?
Yes. Since USB-C devices can draw significantly more power than USB-A can supply, any USB-C device into USB-A port adapters are disallowed.
Uh? Then how do I plug my USB-C Samsung phone into an USB 2.0 A port on my laptop with an official Samsung cable found in the phone's box? Do I misunderstand something? Is the cable "illegal"?
The real reason is to prevent hooking up two dumb Type-A host side power supplies, as I pointed out in another post. A properly implemented Type-C device will not draw high currents without power negotiation. (I'm looking at you, Nintendo)
Cable not adapter. IIRC a cable is okay but the adapter version is not. Like mentioned above/below, this is to prevent other USB-A things from causing problems. When you have a fixed cable, you remove a lot of the potential issues for misuse.
[deleted]
This link should work everywhere:
https://store.google.com/us/product/titan_security_key_kit?h...
https://store.google.com/us/product/titan_security_key_kit?h...
Or just sell both form factors. Even if they sold a USB-C version, though, it's not really useless for all of us poor schmucks who are using Macbooks with only two ports.
I would prefer one from Apple. I don't trust Google as much as I do Apple, simply because I know they don't make money from my data. The fact that the FBI couldn't get into an iPhone makes me trust Apple much more. If I start using this Google key, I'm not sure how far in bed they are with the government and if they can crack my accounts.
> The fact that the FBI couldn't get into an iPhone
You sure about that?
1. FBI unlocks iPhone without Apple's help
2. Snowden documents show 100% success rate against iPhones
3. Graykey device to break into iPhones
[1] https://www.npr.org/sections/thetwo-way/2016/03/28/472192080...
[2] https://www.forbes.com/sites/erikkain/2013/12/30/the-nsa-rep...
[3] https://blog.malwarebytes.com/security-world/2018/03/graykey...
You sure about that?
1. FBI unlocks iPhone without Apple's help
2. Snowden documents show 100% success rate against iPhones
3. Graykey device to break into iPhones
[1] https://www.npr.org/sections/thetwo-way/2016/03/28/472192080...
[2] https://www.forbes.com/sites/erikkain/2013/12/30/the-nsa-rep...
[3] https://blog.malwarebytes.com/security-world/2018/03/graykey...
I would prefer one from Apple as well, but mostly because my laptop (which was built by Apple) only has USB-C ports, so carrying an USB-A adapter, like the one shown in the picture [1], would be a deal breaker for me and many others. Something like the YubiKey 4C Nano [2] would be good.
[1] https://i.imgur.com/79ojvAK.jpg
[2] https://www.yubico.com/product/yubikey-4-series/#yubikey-4c-...
[1] https://i.imgur.com/79ojvAK.jpg
[2] https://www.yubico.com/product/yubikey-4-series/#yubikey-4c-...
If you're clever about it, you can do U2F using the secure enclave built into touchID. You don't even need a separate device.
I’ve been interested in setting something like this up. Are you aware of software that exists for it already?
Isn't it incredibly risky to leave it in-port? If the laptop is stolen, the thief also gets all your logins...
If someone has physical access, isn't it considered compromised anyway?
If it gets stolen, and the thief is actually trying to take over your accounts, then the process of proving that you are the rightful owner is probably easier if you have the key than if the thief has both the laptop and the key.
We don't know if or when the FBI will be able to crack iPhones. There are news (maybe fake) on the internet about a machine that can be plugged into iPhones and dump data from it, and that machine is only sold to thieves or gov agencies.
When you look at the recent clashes with Google and the gov, for example stopped military project or Trump accusing Google of political bias, it doesn't seem Google is "in the same bed" than the gov.
To me, both Apple and Google are good trustable and competent entities. They both have high standards. I personally trust Google more about data security, but I guess everyone is different.
When you look at the recent clashes with Google and the gov, for example stopped military project or Trump accusing Google of political bias, it doesn't seem Google is "in the same bed" than the gov.
To me, both Apple and Google are good trustable and competent entities. They both have high standards. I personally trust Google more about data security, but I guess everyone is different.
And here they are. Every time. Without fail. Without any data to backup FUD. The Apple fanbois. The Google haters.
It’s so big. Couldn’t they have come up with a more subtle form factor?
TBF, it does have 'titan' in the name.
[deleted]
The description doesn't say if the keys are compatible with FIDO2 / Webauthn, which seem to be the new standard superseding FIDO (namely with password-less and multi-factor auth).
It would be disappointing if not...
"Available" just like Google One is? I hate when people make things "available" this way! Don't they know the meaning of the word?!
That's on the person who submitted, not Google. The word "available" doesn't appear on the page in regards to this product.
I already gave my email to Google that I'm interested and now I need to be added to yet another waiting list? What's the point? All this buzz is actually hurting Google as people become aware of these products and services and because Titan is not immediately available, they will end up with alternatives such as YubiKey.
And, for the record, Google sent me an email that Google One is available, but it is not.
Isn't this the same as a code app like Authy? Why carry the extra dongle?
While both handle two factor authentication, Authy only assists with time based one time passwords (TOTP) which still leaves the end user open to phishing. These security keys are meant to be used with universal second factor (U2F) which prevents phishing entirely.
https://en.wikipedia.org/wiki/Time-based_One-time_Password_a...
https://en.wikipedia.org/wiki/Universal_2nd_Factor
https://en.wikipedia.org/wiki/Time-based_One-time_Password_a...
https://en.wikipedia.org/wiki/Universal_2nd_Factor
Similar use case (2FA), but different implementation.
Instead of typing in a code, you press a button. It also protects against phishing by validating the URL of the site you're authenticating on (with a code-based 2FA you can still enter your code on a phishing site, which then forwards it to the real one).
Instead of typing in a code, you press a button. It also protects against phishing by validating the URL of the site you're authenticating on (with a code-based 2FA you can still enter your code on a phishing site, which then forwards it to the real one).
Good reasons, thanks!
There are apps that also validate the source and can automatically sign you in (or require a button press), e.g. https://www.kryptco.com
Seems like it might be useful, but haven't had the time to try it out yet.
Seems like it might be useful, but haven't had the time to try it out yet.
AIUI Krypton is basically doing the same thing as these FIDO2 Security Keys, but their software substitutes an app on your Phone for the Security Key. So a web site offering WebAuthn can't tell the difference (unless you allow it to interrogate the "Security Key" to ask who made it, which you probably shouldn't)
I personally would rather have Security Keys, but a solution like Krypton is definitely easier for a lot of users and obviously the price differential is hard to argue with.
I personally would rather have Security Keys, but a solution like Krypton is definitely easier for a lot of users and obviously the price differential is hard to argue with.
An app has a much larger attack surface (for instance from malware on the phone).
TOTP has to use short easy to enter codes (six digit numbers), Titan is doing a full handshake using modern cryptography with sensable key lengths.
In many use cases pushing the button on the key is quicker/easier then using the app.
For 50$ I don't really see the point in this, Yubikey already asks this much.
I'll probably wait out for the FIDO2 upgrade on the u2fzero...
I'll probably wait out for the FIDO2 upgrade on the u2fzero...
How would Google Titan improve the 2F experience for someone who already uses a dongle-key device like a Yubikey, for example?
It won't. Stick with what you have, it's essentially a bundle to help non-U2F owners start with their Advanced Protection Program.
[deleted]
It's pretty much the same.
One of these keys has bluetooth so it also works with iphone without any cable.
One of these keys has bluetooth so it also works with iphone without any cable.
The Feitan key's Bluetooth works with Android and iPhone but it won't work with your Mac or Windows. I own one, that bit was an unexpected pain for me.
The problem I think is the browser, e.g. Chrome only implements CTAP over USB. The Secure Click (yet another security key) is sold with a usb2ble dongle, so you can use it wirelessly also with your laptop/desktop.
Is it possible to use the Bluetooth dongle with a desktop computer without a cable? Having to carry both on your keyring kind of defeats the purpose, because even Google's own guidelines tell you to store one in a safe place and keep the other one in daily use.
Yea I was wondering this too.
What does this offer over Yubi?
The wireless one has Bluetooth - which is the only way to go on iOS for now.
You may be interested in some yubikey iOS news that came out in may https://www.yubico.com/2018/05/yubikey-comes-to-iphone-with-...
Yes. Unfortunately it is still only OTP (vulnerable to fishing).
Let’s hope that one day Apple opens full access to the NFC chip.
Let’s hope that one day Apple opens full access to the NFC chip.
How secure is Bluetooth - how do we know snoopers aren't stealing keys wirelessly?
The most likely snoopers are far far away, probably even a different timezone. If you have local burglars around they'll just break your windows and doors to get things anyway.
(And Bluetooth isn't that bad either?)
(And Bluetooth isn't that bad either?)
Or just sit down next to you for a few minutes until you use your device and then walk away?
I'd rather force them to smash my windows and doors rather than just give them what they want in passing.
I'd rather force them to smash my windows and doors rather than just give them what they want in passing.
Let's be real, how often does an attack like that happen?
Yes, a localized attack is still possible but you probably have a different set of worries if attacks are going so far as to be within a short distance of you.
These tools are about reducing the effectiveness remote attacks which are much more logical to carry out.
Yes, a localized attack is still possible but you probably have a different set of worries if attacks are going so far as to be within a short distance of you.
These tools are about reducing the effectiveness remote attacks which are much more logical to carry out.
How often do you work from a coffee shop? Ever wonder if anyone else in the shop has a minimized wardriver or "blue-driver" sniffing wireless connections? Or maybe their device is infected with a trojan, and a remote attacker is using their device to sniff a random network, which you happen to also be using.
Really? I would assume that the snoopers have access to another Bluetooth-enabled device nearby, such as pretty much any modern desktop or laptop computer.
Wouldn't a pilfered TOTP code be useless after five seconds anyway?
They tend to last for a minute, but 5 seconds is more than enough time for the phishing site to submit it and have it work.
TOTP does not solve phishing in any meaningful way.
TOTP does not solve phishing in any meaningful way.
Question for Advanced Protection and Mac users.
Have you managed to authenticate your Google account with your U2F keys on your Mac?
If you have, please help the rest of us out, I get an error:
> You can only use your Security Keys with Google Chrome.
Here's a StackExchange question for some karma: https://apple.stackexchange.com/questions/327491/how-do-i-us...
Have you managed to authenticate your Google account with your U2F keys on your Mac?
If you have, please help the rest of us out, I get an error:
> You can only use your Security Keys with Google Chrome.
Here's a StackExchange question for some karma: https://apple.stackexchange.com/questions/327491/how-do-i-us...
Nice for humans, but these dongles don't solve the problem of automated background services having to log in to machines to complete their tasks. How do people solve this problem?
Per-purpose passwords. https://support.google.com/accounts/answer/185833?hl=en
Per-purpose users (with very limited rights) on machines, inside per-purpose VMs (with very limited network if any)... etc.
Per-purpose users (with very limited rights) on machines, inside per-purpose VMs (with very limited network if any)... etc.
A persistent token like OAuth. Generally, you want these to be time-limited, scope-limited, and traceable to a human (probably issued by touching a security key).
Part of the idea behind the security key is to prove that a human is requesting access and that is why there is a button to press. If your application is designed to give privileges to robots, then a security key is completely orthogonal to that.
Part of the idea behind the security key is to prove that a human is requesting access and that is why there is a button to press. If your application is designed to give privileges to robots, then a security key is completely orthogonal to that.
What's the summary on how security keys compare to Google's tap-to-sign-in flow? https://support.google.com/accounts/answer/7026266?co=GENIE....
The store page sucks balls - no details whatsoever!
Does anyone know how these keys could be used for TOTP? In case of Yubikey one could use an app which effectively acted as a proxy between the TOTP-based system and a hardware key. Does the Google key support the same functionality?
Does anyone know how these keys could be used for TOTP? In case of Yubikey one could use an app which effectively acted as a proxy between the TOTP-based system and a hardware key. Does the Google key support the same functionality?
These devices don't have a real-time clock, so TOTP is out of the question. A Yubikey by itself is incapable of doing TOTP, too – it just acts as a hardware authenticator for the actual password generator. HOTP/counter mode doesn't have this requirement.
Yubikey does support storing TOTP secrets. It requires you use their app (desktop or android) which then provides the time component.
Pretty cool, I like that it comes with two keys at the start so you have a backup, unlike Yubi where I have to buy two before I can even get started in earnest. Still living the dongle life though, but it appears to come with its own usb a -> c adapter at least.
Excuse my ignorance (I'm trying to understand by googling). I know it's not the same technology but is it the same concept (public/private key) as for example the Estonian government uses for identity and accessing government services?
I would rather use something like this:
https://www.thingiverse.com/thing:1970583
[deleted]
Is it possible to set up advanced protection on the ipad using the camera adapter and a yubikey, or a bluetooth key required?
Anyone able to actually purchase one? I'm just seeing a "Join waitlist" button.
Just to make sure.. these don't provide GPG/PGP smartcard support, right?
Can I use it for my bank too?
Vanguard lets you use a security key as a second factor. It is the only finance-related website I've ever seen that does so. (And it's probably because Google made them, as that's where my Google 401k was.)
Vanguard? That's a laugh. There's a link on the login page "I don't have my device with me, send me an SMS instead". This cannot be disabled.
Haha, probably not[0].
[0] https://twofactorauth.org/#banking
[0] https://twofactorauth.org/#banking
Maybe in a few years time
Not really if your bank doesn't support U2F and/or TOTP.
Is it sort of a ubikey?
Yeah, no thanks
I only see Chromecast and Chromecast Audio on this page.
Same here.
Use this link to force-redirect to the US product page: https://store.google.com/us/product/titan_security_key_kit?h...
(mods, can we please change the story URL to the above one? It should show the correct item globally and thus leaving less people confused.)
Use this link to force-redirect to the US product page: https://store.google.com/us/product/titan_security_key_kit?h...
(mods, can we please change the story URL to the above one? It should show the correct item globally and thus leaving less people confused.)
Likely US only. I can access the page via https://store.google.com/us/product/titan_security_key_kit, but ordering would likely require US address.
US only, it seems.
Here's a wayback machine link: http://web.archive.org/web/20180830111650/https://store.goog...
UK, same issue. Possibly only available on the US store, or similar?
I don't see them either, it might be region-bound.
Also not visible in Germany.
Am I correct in my understanding that this will only work for Google devices? It states that, but at least for the physical U2F key I don’t see why that wouldn’t also work on a non-Google device.
EDIT: Revisting, it states anything running Google Chrome should also work. So I guess macOS should be fine, what about iOS?
EDIT: Revisting, it states anything running Google Chrome should also work. So I guess macOS should be fine, what about iOS?
(I got these at a Google thing at DEF CON.) Both work with Firefox on Linux, without any Google software. Haven't yet found non-Google software on Android (Lineage) that can talk to them.
I asked at DEF CON about these, but they said they were not the same as the Titan. Hardware looks to be the same, but they may not have the Titan firmware, but rather the original Feitian one. I...don't actually know how to verify that claim though.
The Bluetooth one works for iOS. I'm not sure about connecting a USB one in some way - haven't tried.
The countdown starts and runs until some 12 year old breaks it wide open.
They both seem to be re-branded Feitian, which cost less ($25 + $17 = $42) when purchased under that brand from Amazon than the Google Titan moniker.