Google launched an updated Titan Security Key last week. The new hardware key supports FIDO2, which means that it is compatible with a wide range of services. While you may use it exclusively for Google accounts, it can store up to 250 entries.
Titan Security Key works similarly to other hardware keys, including the latest generation of YubiKey products. Google promises state-of-the-art encryption and protections. For users, it is an option to protect their accounts with two-factor authentication. You’d use the hardware key instead of an authenticator app or other means to provide the second form of authentication.
I bought a Titan Security Key of the latest generation last week to check it out. This guide includes step-by-step instructions to set up the hardware key to protect your Google account and others. It also includes important information, for instance, how to avoid locking yourself out of your account.
Setting up the Google Titan Security Key
The box includes the selected hardware key. There are two versions with different USB ports, USB-A or USB-C, but they are functionally identical otherwise. The box also includes a small getting started booklet, which simply tells you to go to this Google website to get started. There is also a bigger Safety & Warranty booklet that no one reads. The USB-A version includes a USB-C to USB-A adapter; the USB-C version includes none.
Protecting the Google account with the key is a simple process that requires the following steps:
- Open this Google Security page in a modern browser, e.g., Firefox, Microsoft Edge, Google Chrome, Safari, Vivaldi, Opera or Brave.
- If you prefer to go there manually, open this Google Account Help page instead and click on “Enroll your security key” under Step 2.
- A prompt asks you to keep the key disconnected from the device for now. Select the Next button to continue.
- A setup request is displayed as a prompt. Select OK to continue the process.
- Another prompt explains that Google will see the make and model of the security key if you continue. Select OK to proceed.
- Connect the security key to the device when prompted to do so.
- Type a name for the key on the “Security Key registered” page and select Done.
This is the entire process.
Word of Caution
The Security Key becomes the default two-factor authentication option. It is advisable to make sure that there is at least one additional option enabled. This can be an authenticator app, voice or text message, another security key, Google prompts or backup codes.
If you lose the Titan Security Key and don’t have another option enabled in the account, you will be locked out of the account.
Signing in with the hardware security key
The first sign-in step is exactly the same as before. You need to supply your Google email address and password to continue.
The 2-step verification prompt lists the email address. Make sure it is the right one. There is a menu to switch to another email address; useful if you set up more than one account.
Select Continue to authenticate using the Titan Security Key. You may also select “Try another way”, which you need to do if you don’t have the hardware key with you. The option “Don’t ask again on this device” should only be used on personal devices.
You are now asked to touch your security key. It contains a small area that reacts to touch. This acts as local confirmation to proceed.
You should now be logged in to the account.
The same option is also available on mobile devices. Just connect the security key to the mobile device and follow the instructions to sign in.
Non-Google accounts
Non-Google accounts can be saved to the key. It supports up to 250 keys, e.g. passkeys, that you may add. Numerous services and companies support passkeys already and more will follow in the coming years.
Generally speaking, all you need to do is open the 2-step verification preferences at the service and follow the instructions to protect the account using a hardware key.
Other useful resources
Here is a list of Google resources that you may find useful:
- Passkeys Management – this page lists all devices linked to the Google Account. You can edit or remove them, and create new passkeys on the page.
- Security Keys Management – similarly, this page lists all security keys associated with the Google account.
- Support page with information about lost security keys.
Google’s key or third-party keys?
There are other keys besides Google’s. I already mentioned Yubico keys as an alternative, but there are many more. To name a few: Onlykey, Feitian, or Thetis. All support FIDO2 and offer similar functionality.
Trust plays a role, but so may other factors, including price or the built-in security. There is no clear answer to that question. If you use a Google account and want to protect it, there is nothing wrong with using a Titan Security Key to do so. Similarly, you may use other hardware keys for the same protections.
Now You: do you use hardware keys?