When cyber crime makes the news it’s usually when something dramatic happens, a rogue state releasing stolen intelligence or a department store coughing up thousands of credit card numbers. Phishing is a less sexy form of cyber crime that rarely makes the news, but it’s a problem for us all. And Google is trying to solve with its new Titan Security Key Bundle.
Phishing is the theft of consumers’ personal identity data, often using fake websites that trick consumers into giving private information. Phishers commonly steal usernames and passwords and use them to access email messages, bank accounts, and other forms of sensitive information. Phishing campaigns are becoming more common and more sophisticated, and, according to the EU Agency for Network and Information Security, they’re often the start of larger cybercrime campaigns
Yes, two-factor authentication, long special character-laden passwords, and such other protocols can help. But, they are still susceptible to phishers. To help keep your data secure, Google wants to add an extra layer of security to the login process. The new Titan Security Key bundle includes two white, keychain-sized dongles: a USB key that plugs into a computer and a Bluetooth model that connects to mobile devices. Each uses custom, cryptographic firmware created by Google.
After you enter your login information on a compatible website, you will be prompted to connect to one of your keys. Even if a phisher has your login information she won’t be able to do anything with it without physical possession of one of your keys. Protect the keys, protect your data.
The Titan Bundle is part of Google’s Advanced Protection Program, the company’s strongest security offering, It has been used internally before and since employees at Google started using the keys, none have ever had their account breached.
Titan Security keys use standards created by FIDO, a coalition of companies that depend on strong online security. The most popular browsers, major mobile operating systems, and many financial institutions use FIDO, the “world’s largest ecosystem for standards-based, interoperable authentication.” So it’s not just Google websites that are compatible with these keys; they can protect your data on sites all over the Internet.
Many phishers use password recovery to steal login information, so Advanced Protection has a much more rigorous and longer recovery process if you report them missing or stolen. Users who lose their keys should expect to lose access to their Google account for days.
For some, the hassle of carrying a physical item and potentially losing access for days won’t seem worth the extra security. But with phishing a growing cybersecurity threat, expect to see more people protect their information with products like the Titan Security Key bundle and more companies to follow Google’s lead with investments in anti-phishing technology.