Google informs users about a vulnerability with their Titan Security keys


    Titan Security Keys are marketed as phishing-resistant two-factor authentication (2FA) devices that help protect high-value users such as IT admins. They have been around for quite some time and have been largely promoted as the most secure second-factor device ever, both by Google itself and media.

    However, a particular model of Titan ( BLE) turns out to be not very secure, as today, Google has sent out a message to G Suite administrators with users supposedly using the affected devices, recommending to replace the devices.



    While the details of the vulnerability are not disclosed and it is even not clear whether this is severe security at all, this incident shows again that there can never be a 100% secure method, and as usual, security-savvy users should be keeping abreast of the latest reports. So, if you happen to use any Google Titan Keys or Feitian MultiPass BLE U2F keys (both appear to be the same product), it is recommended to replace it with something more reliable (a TOTP token, for example).

    UPDATE: Regular users (non G-Suite) were also informed
    UPDATE2: This appears to be a security issue indeed
    UPDATE3: Feitian launches a replacement program
    Token2.com
    49.40
    Company
    Share post

    Similar posts

    Comments 3

      +2
      If google security key is not secure then what can we trust

    Only users with full accounts can post comments. Log in, please.