Google announced its Titan security key at its recent Cloud Next 2018 event, and you can now buy one. For $50, you get a pair of Titan security fobs: One that works via Bluetooth and one that supports USB-insertion and NFC tapping, although the latter feature is still in the works. I already ordered mine because although these two-factor authentication (2FA) devices help protect you from phishing, you can also use them to securely log into a Chromebook or other supported device.
My friend Phil from Android Central shared a great overview on how this all works in general and with the new Titan key in regards to online security:
Again, that’s really what 2FA is meant for. I just take it a step further with my Chromebook because without 2FA, if someone had my Google account credentials, they’d be able to log in to my Pixelbook. Sure, you can set up experimental 2FA with the power button on a Pixelbook, which is great for online password protection, but not so great for device protection, which then allows access to your online accounts anyway if you store the credentials with Google.
Granted, you can set up 2FA for Chrome OS device logins without a hardware security key. You can use an authenticator app, a trusted Bluetooth device such as your phone, a prompt in your Google mobile app or SMS message codes. And if you don’t want to buy and carry a physical key, these are all worth considering to add as a second line of defense for your online accounts and Chromebook login.
Is it a pain to carry a separate 2FA device around? Sure, but its far less of a pain than having your online accounts or device accessed by someone and then having to deal with everything that comes with that situation. Security is inconvenient. There’s no argument there. A slight inconvenience, however, is worth the price of additional security in my book…. and in my Pixelbook.
14 thoughts on “Got a Chromebook? Consider securing it with a Google Titan key”
Increasing number of Chromebooks has no USB-A port. I’d love to buy USB-C variant of this. (Once the NFC is working.)
Yup, initially I was aggravated that this was Type A. But I get it. We’re still in transition to Type C and this way all devices can use the key. Would be nice to see a USB-C only option though.
Yubikey has USB-C versions.
But none with NFC/Bluetooth, AFAIK.
Yubikey has supported NFC for a few years now. Mine works well with my Nexus and then Pixel phones.
I’ve had a Yubi key attached to my keychain for a couple of years. It’s so light I never notice it and performance hasn’t been affected by the exposed USB pins bouncing around against the other keys. That said, I haven’t been able to convince anyone else to do this. You’d think peace of mind about the security of your most important accounts would be worth such a minor inconvenience.
I just received my Titan keys today after a two-month wait since ordering. Thanks for the great information on this extra security measure Kevin. Hoping I can get this working so I can protect my Google account, Pixelbook and Pixel 2XL. BTW, enjoy watching you and Stacy on TWIG when you’re on. Keep up the great work on About Chromebooks. J
Awesome, John! If you have any set up questions, just ask. And thanks for the kind words, which I’ll pass along to Stacey as well. 🙂
So far everything is going ok, but there are lots of questions. BTW, they should just have you on the show each week rather than Stacey texting you during the show as she did this week. 😉
What was difficult for me was understanding the relationship between the various methods of two factor once the keys were activated, and the keys alone vs setting up Advanced Protection. Someone needs to write a layman’s guide as all of the coverage I’ve seen (including Google’s documentation) doesn’t address many of the questions I’ve had.
I still get a prompt on my phone, even though I am using the key to log into a new device. Haven’t tested, but am hoping responding to the two factor message on the phone will still require the key.
Also, it appears that the key is only needed when first logging into a new device. I did revoke all access to devices but then had to log out of those devices before it would ask for the key. Should I remove the phone number from 2Fa?
And I would imagine that you also need to activate Advanced Protection in order to require the key on every login (not something I’m sure I am ready for at this point), but am interested in how that works. I would like to have my Pixelbook and Pixel 2 XL remain active without key, but other Chromebooks that I log into at work or home (family member’s devices) or Chrome browsers I use, require the key on every login, without having to remember to revoke access each time I use another device or browser with my Google account.
I’m not sure at all how to use the key with my phone. Would I need to remove the Google account from a phone and then add it back before it asked for the key?
Tonight I’m going to find out if activating the keys impacts my use of Youtube TV on my smart tv, or Play Music on my Assistant, hoping there won’t be any impact there?
Am I the only one with all these questions? I am employed full time as a IT Systems Analyst for a very large local government (7,000+ desktops), work with enterprise systems on a daily basis, and have been using and teaching software since the mid 80’s, but I certainly have had some challenges in grasping this for some reason. J
Sounds like I should write up a how-to post for these and other good questions. Will do today or this weekend.
Now that would be awesome. And if you wanted me to review any copy beforehand to see if I had additional questions I’d be more than willing to help out in that way. Was also going to see if there is a community forum out there for Titan. I got up to speed very quickly on Chromebooks two years ago just reading through posts on Chromebook Central for a couple of months. Thanks again Kevin. J
I’m looking to leverage the Titan keys for securing other devices outside of the Google family (ie. Linux, Windows, etc.) Any recommendations on things like that, especially using 2FA for login credentials and possibly encryption, would be great.
Thanks for the information.
I need security for my HP Chromebook since it’s end of life.
Will the Titan Key provide that security and maybe anti virus protection?
Thank you for being available.