Titan Security Keys

PEW · May 25, 2020, 5:11am

Anyone tried these? May be overkill and creates additional risk of device breakage.

sovashadow · May 25, 2020, 8:00am

I use a variant of this called the yubikey which is the same thing except not google labeled. I would recommend using this with a password manager like bitwarden but that is optional. I have talked about this previously in another post, but generally recommend either yubikey or nitrokey. https://www.nthcircle.com/forum/misc-tech/3221-somebody-big-has-been-hacked?start=0#45746

If you want to know what services support the physical keys, you can go here: https://www.dongleauth.info/

Edit: Also fun fact, google use to use yubikey and were so impressed by them they made their own variant which is now the titan key. So while the titan is cheaper, yubikey has been in the game longer.

mmfacemm · May 25, 2020, 3:20pm

Bought some when they were practically giving them away.

Ended up never using them and selling them. Too much hassle.

PEW · May 25, 2020, 7:02pm

PEW · May 25, 2020, 7:08pm

Recommends buy 2, so that would be the 2 key for $60 offer on Google site.

sovashadow · May 25, 2020, 7:20pm

@PEW, It is not necessary to buy 2 proactively. As long as you keep the codes that were used to create the first key, you can reprogram a second key later.

Also if anyone plans to do this, please please please have this be the only form of recovery/verification option. For example don't have this key and a phone number as a recovery option, it defeats the purpose of the key.

PEW · May 25, 2020, 7:32pm

Security tutorial fail? I saw his phone number and birthday. haha

PEW · May 25, 2020, 9:41pm

So Google Chrome can store your passwords just as LastPass. If we use the keys for secure account access, any benefit to LastPass? Both do suggest strong passwords. Guessing both store your password in encrypted status also.

I use Guest Mode on my Chromebook to access bank sites and enabled 2FA, thinking this should safeguard against key loggers and a decent level of protection.

Of course, another way is to have minimal money accessible online and hide gold bars in your basement for store of money.

sovashadow · May 25, 2020, 10:04pm

You woudnt want your passwords centralized on a browser for easy access. Like you use for banking storing your passwords offsite and always logging in via incognito or guest is the best practice.

LOL :lol:

PEW · May 25, 2020, 10:06pm

PEW · May 26, 2020, 5:35am

Would this be a decent counter to Man-In-The-Middle Attacks to SMS 2FA?

https://www.prepaidphonenews.com/2020/05/code-reveals-end-to-end-encryption-may.html

Still, this would not protect you if your phone is compromised.

PEW · May 30, 2020, 11:58pm