Google informs users about a vulnerability with their Titan Security keys

    Titan Security Keys are marketed as phishing-resistant two-factor authentication (2FA) devices that help protect high-value users such as IT admins. They have been around for quite some time and have been widely promoted as the most secure second-factor device ever, both by Google itself and by the media.

    However, one particular model of Titan (BLE) turns out to be not very secure: today, Google sent a message to G Suite administrators whose users are supposedly using the affected devices, recommending that the devices be replaced.

    While the details of the vulnerability are not disclosed and it is not even clear whether this is a severe security issue at all, this incident shows again that no method can ever be 100% secure, and as usual, security-savvy users should keep abreast of the latest reports. So, if you happen to use any Google Titan Keys or Feitian MultiPass BLE U2F keys (both appear to be the same product), it is recommended to replace them with something more reliable (a TOTP token, for example).

    UPDATE: Regular users (non-G Suite) were also informed
    UPDATE2: This appears to be a security issue indeed
    UPDATE3: Feitian launches a replacement program


    Comments 4

      If Google security key is not secure, then what can we trust?
      Huge respect to the author of this idea! Two-factor authorization via SMS has long outlived its usefulness. The time has come to create keys for 2FA.
