Available in UK since last August, Titan keys are said to provide additional security for accessing Google’s online services and thereby prevent hacking. As a daily user of a Yubikey 4 security key, I was obviously impatient to be able to review this new offer.
This comes in the form of a package worth 55 euros, consisting of a USB-A / NFC key and a Bluetooth key. Why two? To be able to cover all the terminals on the market. The first allows you to use double factor authentication on a landline or on an Android smartphone with NFC. Unfortunately, iOS NFC cannot be used for authentication. This is why Google offers a second key for which dual factor authentication is done via Bluetooth. By connecting a micro USB cable, it can also carry out strong authentication on a fixed station and, therefore, serve as a spare wheel.
Quick and easy installation via USB
There is no difficulty in using the USB-A / NFC key. A link in the manual allows you to go directly to the correct configuration page, where you can add the security key to the Google account. Just follow the directions and a few minutes later the association is complete.
On a landline, each time the user connects to their Google account from any browser, they must show their white credentials by inserting the key and pressing the golden disc. Warning: Google offers by default to trust this browser and not ask for a second factor in the future. This option is obviously to be unchecked on a workstation with free access or shared with other people.
On an Android smartphone with NFC, it’s even easier. When connecting to a Google account, you just have to approach the USB-A / NFC key on the terminal, and validation is done automatically.
The burdens of Bluetooth authentication
Using the Bluetooth key on an iPhone or iPad, on the other hand, is much less fluid. To benefit from double authentication, you must first install the Google “Smart Lock” application and connect to your Google account. The application will automatically launch the pairing procedure of the Bluetooth key which requires the entry of a six-digit code indicated on the dongle.
Once this installation is complete, each connection to a Google account from an unknown browser or application will require launching “Smart Lock” and pressing the Bluetooth key for a few seconds. Compared to the NFC method on Android, this way of doing things is much more painful, and in addition it does not work every time. We can better understand why Yubico opted, in the case of the iPhone, for authentication via the Lightning socket. We have only reviewed this solution. Anyway, that of Google has at least the merit of existing as part of a packaged offer (for several terminals).
As the Titan security keys are based on the FIDO U2F standard (Universal 2nd Factor), they can be used for other services than those of Google. The USB-A key thus works perfectly, on a fixed station, for strong authentication of a Facebook or Twitter account.
On Android, NFC authentication on Twitter also works like a letter in the mail. On Facebook, however, this mode is bizarrely not offered. Other services that support FIDO U2F include GitHub, Dashlane, OneLogin or Dropbox. Note, however, that dual authentication for all of these third-party services will not be available for the iPhone. Smart Lock, in fact, only manages access to Google accounts. This is obviously regrettable.
In the end, what should we think of Titan security keys? It’s a great choice for those who have an iPhone and want to secure their Google accounts and a few other services. Even if Bluetooth authentication is not optimal, the two keys then make it possible to cover all possible situations, while offering intrinsic redundancy. With a price of 55 euros, it is certainly the best solution on the market.
Other solutions exist
For Android smartphone enthusiasts, this is already more questionable. The Bluetooth stick will likely end up in the bottom of a drawer and no longer be used. It might make more sense to spend seven euros more and buy, for example, two Yubico Security Key NFC keys. Such a pack would be functionally equivalent and would allow a second key to be truly operational in the event of loss of the first.
Finally, before making a choice, it is preferable to analyze the services or applications that you want to secure. Some can support FIDO U2F, while others use techniques like “One Time Password” or “Challenge-Response”. Another type of key may then be required.
The verdict of the review
This pack of authentication keys makes it possible to cover all the terminals on the market for a competitive price. But in reality, it is only really interesting for iPhone or iPad users, on whom the NFC is not available for authentication procedures.
Google's Titan Security Key Explained
U2F, Google Titan Key, and Advanced Protection Program
Google Titan Security Key | Review, Unboxing & Demo | How to securely log in with Google 2FA
Google's Security Key Explained
Google Titan Security Key Bundle | How to Set Up Advanced Online Protection