Google's new $50 gadget is the best way to keep your accounts safe
Google is now selling a special $50 key that adds an extra layer of security when you access important online accounts. It's called the Titan Security Key, and I recently started using one.
Here's why it matters: Normally, you might just use a password to log in to all of your online accounts, like Gmail, Facebook and Dropbox. That's not very secure, even if you use a different password everywhere. Maybe you've upped your security to two-factor authentication, which can send a text message to your phone that's required in addition to a password each time you log in. But even that isn't as secure as the Titan Security Key.
Instead, Google's Titan Security Key is a piece of hardware that acts as the master password for everything you need to access. Just don't lose it.
I tested it out and it's pretty neat. Here's what you need to know.
The Titan Security Keys
The Bluetooth Titan key on the left, and the USB version on the right.
The Titan Security Keys meet standards set by the FIDO alliance. You don't need to know much more, other than the alliance publishes secure specifications and certifications that other companies can use to add another layer of security to their products.
With keys like the ones Google has — they're called FIDO U2F (Universal Second Factor) — users can help prevent phishing attacks, so-called man-in-the-middle attacks (where someone might intercept that special two-factor text message) and more.
You still need to enter a password to access your account but then, just like a home key or a set of car keys, you need the physical key to gain entry to your account. You can't just use a password.
Google specifically recommends that IT administrators, journalists, activists, business leaders and political campaign teams use these sorts of keys. Google says the FIDO U2F protocol, which its Titan keys support, is so secure that it hasn't had "a single reported or confirmed account takeover due to password phishing" since it started using them with its own employees.
The keys are simple to use
Google sent me the $50 Titan Security Key bundle to test.
The bundle includes two types of keys: one that plugs into your USB port and one that connects to phones with Bluetooth.
Setup was a cinch. I just went to Google's two-factor authentication page, chose the option to add a new security key and then plugged each key into my computer, one by one. Google took care of the rest in a matter of seconds, and told me I was all set up.
Now, whenever I log into my Google account, either on my own computer or one I might be borrowing, I need to first enter my password and insert the USB key into the computer and tap a small gold button on it. If I'm logging into Gmail on a phone, I just tap the button on the Bluetooth key. If I don't have the keys, I can't get in to my accounts.
Google is adding NFC support later this year, which will let you log in to your Google account on an Android device by tapping the key to the back of your phone. For now, Bluetooth works just fine on Android and iPhone.
Other sites take advantage of these keys, too, including Facebook and Dropbox. You just need to dig into the security settings of the services you want to connect and select the option to use a security key, if there is one. Unfortunately, many sites and services don't support the key yet.
Don't lose the keys
I like the peace of mind it gives me, knowing that it's much harder for someone to break into my most important online accounts, like Google.
On the other hand, I'm seriously worried about losing the Titan Security Key. It's tiny, and while I can connect it to a keychain, sometimes I accidentally misplace it. (Who hasn't lost their keys?) Also, the Bluetooth module needs to stay charged, and Google suggests that you don't ever let it fully drain. It's best to plug it in whenever you sit down at a computer.
Also, while I like that it was built by Google and should theoretically be catered to keep your account even more secure than other options, you can buy similar keys for about $20 each.
If you lose the Titan Security Key, you can try to gain access again from a computer where your account is still logged in, or waiting three to five days for Google's help resetting your password. That's the price you pay for added security, though.