According to Google, its keys offer the best protection against phishing. To fully understand how security keys work, one must first understand what two-factor authentication (also known as two-step verification) is. This type of authentication must first be activated in the settings of an online account, for example Google or Facebook.
Afterwards, when you first sign in to one of these sites, you must provide, in addition to your password, a code (sent by SMS or generated by a smartphone application such as Google Authenticator) or a security key. Depending on the model of key and the device (phone, tablet or computer), the connection can be made by regular USB, USB-C, Bluetooth or NFC. The advantage of two-factor authentication? Even if a hacker gets your password, he will not be able to access your account because he will not have your smartphone or security key.
The risks of texting
However, not all two-factor authentication methods are equally secure. In the case of texting, fraudsters could impersonate you by calling your mobile phone provider and asking them to transfer your phone number to a new SIM card. Subsequently, fraudsters could recover your codes. Also, highly targeted and sophisticated phishing methods in principle allow hackers to recover not only your passwords, but also the codes obtained by texting or with an application like Google Authenticator. According to Google, the security key is the ultimate in authentication, since it also protects against phishing.
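Why a code from a text message or an app can be captured by a phishing page while a security key reply cannot, as an added example that is not part of the original article. It assumes the standard TOTP algorithm (RFC 6238) for the code generator and uses an HMAC as a stand-in for the public-key signature a real key produces; the origins, secrets and function names are constructed for illustration.

```python
import hashlib, hmac, struct

def totp(secret: bytes, now: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 code, as computed by a code-generator app and by the site."""
    mac = hmac.new(secret, struct.pack(">Q", now // step), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def site_accepts_code(secret: bytes, code: str, now: int) -> bool:
    # The site sees only the digits; nothing says which page they were typed into.
    return hmac.compare_digest(totp(secret, now), code)

def key_response(key_secret: bytes, origin: str, challenge: bytes) -> bytes:
    """Security key reply. The browser supplies `origin`, not the user.
    Assumption: HMAC stands in for the public-key signature of a real key."""
    msg = origin.encode() + b"\x00" + challenge
    return hmac.new(key_secret, msg, hashlib.sha256).digest()

def site_accepts_key(key_secret: bytes, own_origin: str,
                     challenge: bytes, response: bytes) -> bool:
    # The site recomputes the reply over its own origin and its own challenge.
    expected = key_response(key_secret, own_origin, challenge)
    return hmac.compare_digest(expected, response)

# Constructed sample values, for illustration only.
REAL_SITE = "https://accounts.example"
LOOKALIKE = "https://accounts-example.test"
TOTP_SECRET = b"12345678901234567890"
KEY_SECRET = b"constructed-key-secret"
CHALLENGE = b"constructed-login-challenge"

def compare_factors(now: int = 59) -> dict:
    code = totp(TOTP_SECRET, now)  # the user reads this off the phone
    return {
        # Typed into either page, the same digits verify at the real site.
        "code_from_lookalike_page": site_accepts_code(TOTP_SECRET, code, now),
        # A reply made while the browser is on the lookalike is bound to that origin.
        "key_used_on_lookalike": site_accepts_key(
            KEY_SECRET, REAL_SITE, CHALLENGE,
            key_response(KEY_SECRET, LOOKALIKE, CHALLENGE)),
        "key_used_on_real_site": site_accepts_key(
            KEY_SECRET, REAL_SITE, CHALLENGE,
            key_response(KEY_SECRET, REAL_SITE, CHALLENGE)),
    }

if __name__ == "__main__":
    print(compare_factors())
```

The code check passes wherever the digits were entered, while the key reply verifies only when the browser was on the genuine origin.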
Now available in Canada
I had the opportunity to try Google’s Titan keys since their launch in Canada on July 31st. They are sold in sets of two keys (a Bluetooth model and a USB/NFC model) for $65. Also in the box: a regular USB to USB-C adapter and a cable to connect the Bluetooth key to a computer to configure and recharge it. According to Google, the USB/NFC key is used to authenticate on a computer or Android device. As for the Bluetooth key, it is primarily designed for iOS devices. Made of plastic, both keys seem pretty solid. With a hole, they are easily added to a keychain.
The list of services compatible with Titan keys is quite short: it includes for example Dropbox, Facebook, Google and Twitter, but not Apple, Instagram, LinkedIn and Microsoft. On a computer, the keys are compatible with the Chrome, Firefox, Edge and Opera browsers. On a smartphone, they only work with the Chrome browser. These keys are relatively easy to configure and use. In the security settings of the site (Facebook, for example), it is enough to activate two-step verification, choose the “security key” option, then connect the key to complete the configuration.
Afterwards, when you log on to a new device for the first time, in addition to typing your password, you must insert the key into a USB port (in the case of a computer), hold it close to an Android phone (NFC connection) or press the button on the Bluetooth key. Despite some attempts on different devices, however, I have failed to configure the USB key with Twitter, as if the key and the site were ultimately not compatible.
Given the low number of compatible sites and services, it is difficult to recommend the purchase of Google Titan keys. In addition, the company recommends them especially for people at high risk of being targeted by attacks, for example politicians, activists and journalists. If this does not apply to you, two-factor authentication by SMS or, better yet, by code generator, will do just fine. Note that there are also security keys from other manufacturers, including YubiKey. However, I have not had the opportunity to try them yet.