The security keys work in conjunction with Google’s Advanced Protection Program, enabling users to enrol the key to their computer or mobile device and use it “like a second lock after your password” to provide an added layer of protection against phishing and account hacking. Previously, only the USB-A version of the key offered NFC functionality for authenticating with Android and iOS devices, but Google has also now added it to the USB-C version as well. Google has added NFC functionality to both of the latest versions of its Titan Security Key, enabling Google account holders to use them as a second layer of authentication when signing into their account or compatible third-party apps and services by tapping the key on their mobile device. It also remains to be seen whether concerns about security and transparency are great enough to impact upon the sale of Titan Security Keys.EXTRA SECURITY: The latest Titan Security Keys now have NFC for connecting to most mobile devices Google is yet to give any more detail about the production process, and it is not clear whether it will do so or not. If from scratch, I want to know what steps they took to ensure a secure outcome. I want to know what changes they made to the Feitian firmware, or if they wrote the firmware from scratch. This is a worry voiced by CEO of cybersecurity firm Trail of Bits, Dan Guido: One of the features of Titan Security Keys is that they include tamper-resistant firmware, but if the supply chain is compromised, this might not be of any use. But given the level of apprehension Chinese companies raise in many people, it is perhaps surprising that Google opted to go down this route - especially considering this is a security product. Google is not hiding the fact that Feitian makes the keys - the company has in fact confirmed as much. You mean "Google sells Feitian security keys under its own brand name"? /V2RgoEkPiV "Google builds its own hardware security keys." Earlier in the year the Feitian name was noticed as being linked to the company's security keys: On Twitter, he went as far as saying he would not recommend the use of the security keys:ġ) People throw around "that is made in China" as shorthand for "it is definitely backdoored" with no evidence or consideration for compensating controls.Ĭhinese involvement in the production of Google hardware is hardly a new thing. Speaking to Motherboard, former chief information security officer at Facebook, Alex Stamos, said of Google: "I think it would be great if they documented their supply chain process".
Like Russia, there have long been concerns about the threat of surveillance carried out by China, and Chinese involvement in security products used in the west raises understandable concerns. Google is able to track your offline purchases thanks to a secret deal with Mastercard.Google's Titan Security Key now available for $50.
0 kommentar(er)
