If you’re worried about the security of your Google account and have $50 to drop, Google has a deal for you. The search giant just announced its Titan Security Key Bundle, a pair of two security keys designed to act the second factor in two-factor authentication and make phishing attacks basically impossible.
The release comes a few months after a Google spokesperson (calculatedly, it seems) told security blog Krebs on Security that the use of such keys dropped successful phishing attacks among its own employees to zero. Now they are available for you.
Google’s Titan bundle is a similar implementation to already existing solutions like the Yubikey, where instead of receiving a confirmation code by SMS or using an authenticator app, you prove you are actually you by having a special, physical key on your person. The Titan bundle isn’t just one key though, it’s a pair of devices: one Bluetooth-enabled dongle for connecting to mobile devices, and one USB stick for more traditional desktops. The pair of devices also doubles as security—you can leave one at home as a backup.
The keys work using the open FIDO standard, so they’re not just for securing your Google account or using on Google Chrome but can also be used with other browsers and services that support the standard, like Firefox, Dropbox, and Github.
For now, they’re available in the U.S. for $50 a pair which is a bit pricey considering the Bluetooth dongle appears to be a rebranded version of the (cheaper) Feitian MultiPass Security Key that’s gotten some bad reviews on Amazon for its poor build quality. That said, if you’re worried about misplacing your key as much as you are about your security, the Titan bundle might be a good buy specifically because the pairing of two keys gives you an important bit of redundancy you won’t get with, say, a single Yubikey for the same price.
At the very least, you should take a few measures to increase your security in ways you can for free, like turning two-factor authentication on if you haven’t already, and downloading an authentication app to generate codes, which is safer than receiving them over SMS. It may seem like a chore, but it’s much better to grit your teeth through the hassle than to get hacked and wish you had.