Google has been an advocate of technologies that can prevent unwanted attempts to log in to users’ accounts, and it now requires employees to use physical security keys in addition to entering their passwords. The additional layer of verification is meant to prevent cases of phishing, whereby hackers obtain personal information through fraudulent messages.
Titan not only looks like Feitian’s keys, but also bears a strong resemblance to USB keys from a U.S. company called Yubico, which can be used to log in securely to Google’s Gmail service, as well as Dropbox, GitHub and other web services.
But Yubico’s CEO, Stina Ehrensvard, made it clear in a blog post that Titan was not made by Yubico. Ehrensvard also criticized certain aspects of keys that use Bluetooth.
“While Yubico previously initiated development of a BLE [Bluetooth Low Energy] security key, and contributed to the BLE U2F standards work, we decided not to launch the product as it does not meet our standards for security, usability and durability,” wrote Ehrensvard, whose company has offices in Sweden and California. “BLE does not provide the security assurance levels of NFC and USB, and requires batteries and pairing that offer a poor user experience.”
In a blog post on Thursday announcing the availability of the Titan keys through Google’s online store, product manager Christiaan Brand said the Google firmware is sealed into special chips that are delivered to the manufacturing line. “The trust in Titan Security Key is anchored in the sealed chip as opposed to any other later step which takes place during device manufacturing,” Brand wrote.
Feitian has shared some social media messages referring to Google since the Titan announcement but had not made a public statement about the Google collaboration. Feitian did not immediately respond to a request for comment.
Google’s own website for enrolling in its “advanced protection” plan currently suggests that people who are in the U.S. buy a Feitian wireless key and a Yubico USB key through Amazon if they don’t already own two security keys. But these keys are not specifically marketed under Google’s Titan brand name.