Skip to main content

Google’s in-house security key is now available to anyone who wants one

Google’s in-house security key is now available to anyone who wants one

Share this story

If you buy something from a Verge link, Vox Media may earn a commission. See our ethics statement.

Photo by James Bareham / The Verge

Google’s Titan Security Key is finally available to anyone who wants one. The two-factor token went live today in the Google store, with a full kit available for $50, shipping immediately. The kits include a USB key, a Bluetooth key, and various connectors. The key has been available to Google Cloud customers since July, when the project was first publicly announced.

Built to the FIDO standard, the Titan keys work as a second factor for a number of services, including Facebook, Dropbox, and Github. But not surprisingly, they’re built particularly for Google account logins, particularly the Advanced Protection Program announced in October. Because the keys verify themselves with a complex handshake rather than a static code, they’re far more resistant to phishing attacks than a conventional confirmation code. The key was initially designed for internal Google use, and has been in active use within the company for more than eight months.

According to Google, the production process also makes the keys more resistant to supply chain attacks. “This firmware is sealed permanently into a secure element hardware chip at production time in the chip production factory,” Cloud product manager Christian Braand said in a post today. “The secure element hardware chip that we use is designed to resist physical attacks aimed at extracting firmware and secret key material.”

You can enable security keys in your Google account from the two-step verification page, or sign up for the Advanced Protection Program here.