The search engine outfit will flog you a Titan Security Key that sells for $50 from its Google store right now and includes a Bluetooth key, a USB key, and connectors.
The Titan Security Key was made available to Google Cloud users last month. But the security dongle is available right now to anyone who thinks they need stronger protection for their Google accounts and other online properties.
Writing in its company bog Google said that Titan keys are built on the FIDO standards and that the devices are designed to prevent hacks from manufacturing through actual use.
The firmware in charge of the crypto operations can’t be hacked before the product ships to consumers either:
The statement said: “The firmware performing the cryptographic operations has been engineered by Google with security in mind. This firmware is sealed permanently into a secure element hardware chip at production time in the chip production factory. The secure element hardware chip that we use is designed to resist physical attacks aimed at extracting firmware and secret key material.”
The permanently sealed secure hardware chips are then delivered to the manufacturing line which makes the physical security key device. Thus, the trust in Titan Security Key is anchored in the sealed chip as opposed to any other later step which takes place during device manufacturing.
Google has been working with Yubico and NXP to develop security keys to be used inside Google. Since it began requiring security keys as a second factor for employees, Google had no reported or confirmed account takeovers following phishing attacks.
Titan Security Keys also works with Dropbox, Facebook, GitHub, Salesforce, Stripe, Twitter, and other services that support FIDO standards.