Google USB-C/NFC Titan Security Key Review - PCMag

The USB-C/NFC Titan Security Key is the latest version of Google's hardware security key, designed to keep the bad guys from taking over your ... Home Reviews Security By MaxEddy MaxEddy SeniorSecurityAnalyst MyExperience Sincemystartin2008,I'vecoveredawidevarietyoftopicsfromspacemissionstofaxservicereviews.AtPCMag,muchofmyworkhasbeenfocusedonsecurityandprivacyservices,aswellasavideogameortwo.Ialsowritetheoccasionalsecuritycolumns,focusedonmakinginformationsecuritypracticalfornormalpeople.IhelpedorganizetheZiffDavisCreatorsGuildunionandcurrentlyserveasitsUnitChair. ReadFullBio March7,2022 facebook (Opensinanewwindow) twitter (Opensinanewwindow) flipboard (Opensinanewwindow) socialshare Flipboard (Opensinanewwindow) Pinterest (Opensinanewwindow) Reddit (Opensinanewwindow) LinkedIn (Opensinanewwindow) Email (Opensinanewwindow) Copied Error! CopyLink https://www.pcmag.com/reviews/google-usb-cnfc-titan-security-key Comments (Photo:MaxEddy) 3.0 Average TheBottomLine WithNFCandUSB-C,thelatestTitanSecurityKeyfromGoogleworkswithnearlyeverydevice.Unfortunately,itusesanoldermulti-factorstandardandmightnotworkwitheverysiteandservice. MSRP$35.00 $35.00at GoogleStore SeeIt (Opensinanewwindow) PCMageditorsselectandreviewproductsindependently.Ifyoubuythroughaffiliatelinks,wemayearncommissions,whichhelpsupportourtesting. Pros Affordable USB-CandNFCsupported Small,sturdydesign TrustedGooglename Cons OlderFIDOU2Fprotocolmaylimititsutility Incompletedocumentation GoogleUSB-C/NFCTitanSecurityKeySpecs Name Value Biometrics No AuthenticationSpecifications FIDOU2F Connector USB-C WirelessSpecification NFC AllSpecs TheUSB-C/NFCTitanSecurityKeyisthelatestversionofGoogle'shardwaresecuritykey,designedtokeepthebadguysfromtakingoveryouronlineaccounts.Withanattractivedesignandprice—atjust$35—theTitanKeyisanobviouschoicefornewcomerstomulti-factorauthentication(MFA).WithbothUSB-CandNFC,youcanbeconfidentthatitwillworkwithjustaboutallthedevicesyoualreadyhave.Unfortunately,theTitan'srelianceonaslightlyoldertechnologymeansthatitmaynotbeaswidelyacceptedamongthesitesandservicesyouwanttosecure.WhatisMulti-FactorAuthentication?Simplyput,multi-factorauthentication(MFA,orsometimes2FA)isthebestwaytopreventbadguysfromtakingoveranonlineaccount.WhenyouhaveMFAenabled,youloginusingtwofactorsfromalistofapossiblethree:somethingyouknow,likeapassword;somethingyouare,likeafingerprint;orsomethingyouhave,liketheGoogleTitanKey.Evenifanattackermanagestogetyourusernameandpassword,theywon'thaveyoursecondfactorandwon'tbeabletotakeoveryouraccount.ButsimplyusingMFAisnoreasontoslouchonothersecuritybasics.Youshouldalsouseantivirussoftwareonyourmachinesanduseapasswordmanagertocreateunique,complexpasswordsforeachsiteandserviceyouuse.  OurExpertsHaveTested134ProductsintheSecurityCategoryInThePastYear Since1982,PCMaghastestedandratedthousandsofproductstohelpyoumakebetterbuyingdecisions. Seehowwetest.(Opensinanewwindow) Whilehardwaresecuritykeysareprobablythebestwaytoprotectyouraccounts,anyMFAisbetterthannone.Authenticatorappsareaneasy,secure,widelysupported,andfreewaytosecureyouraccounts. SimilarProducts 4.5 Outstanding YubicoYubiKey5CNFC $55.00 SeeIt atAmazon (Opensinanewwindow) ReadOurYubicoYubiKey5CNFCReview 4.0 Excellent YubicoYubiKeyCBio $85.00 SeeIt atYubico (Opensinanewwindow) ReadOurYubicoYubiKeyCBioReview 4.0 Excellent YubicoYubiKey5NFC $45.00 SeeIt atAmazon (Opensinanewwindow) ReadOurYubicoYubiKey5NFCReview 3.5 Good KensingtonVeriMarkGuardUSB-CFingerprintKey $69.99 SeeIt atKensington (Opensinanewwindow) ReadOurKensingtonVeriMarkGuardUSB-CFingerprintKeyReview 3.5 Good NitrokeyFIDO2 VisitSite SeeIt atNitrokey (Opensinanewwindow) ReadOurNitrokeyFIDO2Review 3.5 Good SecurityKeyNFCbyYubico $25.00 SeeIt atAmazon (Opensinanewwindow) ReadOurSecurityKeyNFCbyYubicoReview 3.5 Good YubicoYubiKey5Ci       ReadOurYubicoYubiKey5CiReview 3.5 Good YubicoYubiKeyBio $80.00 SeeIt atYubico (Opensinanewwindow) ReadOurYubicoYubiKeyBioReview ATitanofIndustryTheUSB-CTitanSecurityKeygrewoutofGoogle'searlierTitankeyseries.Originally,Googleoffereda$50bundlewithbothaUSB-AkeyandabatterypoweredBluetoothfob.Atthetime,Google'sdocumentationpushedtheideaofhavingabackupMFAdevice,sosellingtwodevicesmadesense.GooglehassinceditchedtheBluetoothdevice,whichisfinewithme.Ineverlikedthefobbecauseofitsrelianceonbatteriesbutitalsoturnedouttobevulnerabletoattack.GooglealsoditcheditsbundlingschemeandinsteadofferstheUSB-C/NFCkeyfor$35orUSB-A/NFCkeyfor$30.ThisreviewfocusesontheUSB-C/NFCSecurityKey,whichisoutofstock—butonlytemporarily,I'mtold—attheGoogleStoreatthetimeofthisreview'spublicationTheUSB-CTitanKeyislozengeshapedandmadeofwhitepolycarbonatewithsilveraccents.Ithasnomovingpartsorbatteriesanddoesn'trequireanetworkconnection.AtoneendisastandardUSB-Cconnector,andattheotherisazincalloy-reinforcedholewhereyoucanthreadakeyring.JustabovetheconnectorisasmallLEDthatflasheswhenconnectedtoadevice,andjustabovethatisasilver,touch-sensitivecircle.AlthoughtheTitanKeydoesnotreadfingerprints,youtapthecircletoconfirmwhileloggingintosites.ThisisstandardforallhardwareMFAkeys. Fromlefttoright:NitrokeyFIDO2,USB-CGoogleTitanSecurityKey,andYubicoYubiKeyBio-C. (Photo:MaxEddy) At0.3by0.7by2.0inches(7by18.5by50.9millimeters,HWD),theTitanKeyisquiteabitlongerthaneithertheYubikeyBioUSB-Aor-Ckeys($80and$85,respectively).TheTitanisalsothicker,witharoundedbodythatcontrastswiththeultra-sveltelookofYubicodevices.It'samuchmorerefineddesignthanthe$29NitrokeyFIDO2,which,perhapsbecauseofitsopen-sourcepedigree,looksmorelikeaFlashdrivefrom2004.Weighingabout0.2ounces(7grams),theTitanisabitheftierthanthe0.18ounces(5grams)BioUSB-C.ThelargerbodymakestheTitanfeelverylightinthehand,almosthollow.It'stougherthanitlooks,however.Theseamsareallverytight,andtwistingtheTitandidn'tevenmaketheplasticgroan.Whetheritspristinewhitefinishwillsurviveonyourkeyringisanotherquestion.UnderthePlasticSkinWeirdly,Icouldn'tfindanythinginGoogle'sdocumentationaboutwhatMFAstandardstheUSB-CTitankeysupports.Mostkeymakersadvertisethesepointsproudly.Theygiveahinttoconsumersabouttheplacesthatwillacceptthekeyandwhatfeaturesthekeyprovides.IreachedouttoGoogle,whichconfirmedthatitsupportstheFIDOU2Fprotocol.Thisisanolderprotocol,butonethatshouldallowthekeytobeusedasanMFAkeyinmostcontexts,withsomelimitations.Still,it'sanoddchoiceforaproductfromaleadingnamelikeGoogle.Allthekeyswe'vereviewedrecentlysupportthenewerFIDO2protocol.Eventhe$29SecurityKeyCNFC,Yubico'sentry-levelkey,supportsFIDO2. (Photo:MaxEddy) TheUSB-CTitanKeyalsolackssomeofthemoreadvancedfeaturesfoundintheEditors'ChoicewinningYubikey5CNFC.This$55devicesupportsthelatestauthenticationstandards,anditcanalsodoubleasasmartcardandbeconfiguredtospitoutstaticpasswords.ItalsosupportstheproprietaryYubicoOTPsystemandworkswithOpenPGP(Opensinanewwindow).WhenpairedwithaYubicoapp,itcanevengeneratetime-limitedone-timeusepasscodes(OATH-TOTP).That'sallimpressive,butit'sbeyondtheneedsofmostpeopleandespeciallythefirst-timeusersGoogleisclearlytargetingwiththeTitanKeys.Inthepast,Googlereportedlypartnered(Opensinanewwindow)withmanufacturerFeitiantoproduceitspreviousgenerationTitankeys.FeitianisbasedinBeijing,withaUSbranchinCalifornia.ThemanufactureroftheUSB-CTitankeyisn'tdisclosed,buttherearesomeclues.ThepackagingsaysthekeyismadeinChinaandthebackoftheUSB-CTitankeybearsthenumberK40T,andtheKeyappearsas"ePass"whenconnectedtomyMac.ThissuggestssomerelationtotheFeitianePassK40(Opensinanewwindow),andthetwodevicesdolookquitesimilar.Weirdly,theFeitianK40doessupportFIDOU2FandFIDO2. (Photo:MaxEddy) AGooglerepresentativewouldonlyconfirmthatthecompany'skeysaremadebyathird-partymanufacturer."AllTitanSecurityKeysarebuiltwithahardwaresecureelementchipthatincludesfirmwareengineeredbyGoogletoverifythekey’sintegrity."Forsome,asecurityproductfromChinaisanonstarter.AtPCMag,wedon'tbelievewecanmakeajudgmentonaproduct'squalitybasedonitsplaceofmanufacturealone.ThemeasurestoprotecttheTitankeysareclearlygoodenoughforGoogle.ThoselookingforamoretransparentdeviceshouldlooktotheNitrokeyFIDO2,whichusesopen-sourcehardware.Hands-OnWiththeTitanSecurityKeyTheGoogleTitanSecurityKeydoesn'tsupportbiometrics,unlikethe$69KensingtonVeriMarkGuard.Fortunately,thatalsomeanstheTitandoesn'trequireanysetup.TostartusingtheKey,simplynavigatetoasitethatsupportshardwarekeys,findtheSettingstoaddakeytoyouraccount,andfollowthedirectionsthesiteprovides.IhadnotroubleenrollingtheTitanKeywithmyTwitteraccount. (Photo:MaxEddy) Onceenrolled,logginginwiththeTitanKeywentsmoothly.OnmyMac,IloggedintoTwitterusingGoogleChrome,insertedmykey,tappedtheTitanKeywhenprompted,andwasin.IhadjustaseasyatimeonmyGooglePixel3a,whereIpluggedintheTitanKeythroughthephone'sUSB-CportandloggedinthroughtheofficialTwitterapp.NFCletsyouusethekeywirelesslywithsupporteddevices.Inmytesting,IusedaniPhone13.IloggedintotheTwitterappasusual,andthenplacedmykeyagainstthetopoftheiPhone'sscreenwhenprompted.Afterafewbeats,theappacceptedtheKey,andIwasin.WhereIranintotroublewaswhenItriedtoenrolltheGoogleTitanKeywithmyMicrosoftaccount.Microsoft'sapproachtoMFAisveryforward-looking,andthecompanyhasembracedpasswordlessauthenticationforsomeofitssitesandservices.Todothis,itleveragesthelatestFIDO2andWebAuthntechnology,whichtheTitanKeydoesnotsupport.WhenItriedtoenrolltheGoogleTitanKeywithmyMicrosoftaccount,itkickedupanerrorwarningsuggestingthatthedevicewastooold.  (Photo:MaxEddy) IwantedtodoasanitycheckandtryanotherFIDOU2FkeywithmyMicrosoftaccount.ButofthedozenMFAkeysinmypossession,allofthemusedthenewerFIDO2.Atthebottomofadrawer,IfoundanoldYubiKeyNEO—whichcouldbenearlyadecadeold(Opensinanewwindow)atthispoint—thatonlysupportstheFIDOprotocol(notFIDO2,notFIDOU2F).Microsoftalsorejectedthiskey,butTwitteracceptedit.ThatmeanstheproblemisnotspecifictotheTitan,butitmakesmewonderifotherserviceswillalsorejecttheTitan,especiallyservicesthatarejustnowintroducingsupportforhardwaresecuritykeys.AGooglerepresentativeexplainedthattheUSB-CTitankeywillworkwithsitesandservicesthatimplementWebAuthn"asaphishing-resistantsecondfactor."Youmayfindsimilarincompatibilitieswithothersitesandservices.ASlightlyFlawedTitanTheGoogleUSB-C/NFCTitanSecurityKeyhasalotgoingforitbeyonditsGooglebranding.It'ssmall,well-made,andpricedwithinimpulsepurchaseterritory.ItsnamesakeNFCandUSB-Csupportmeanthatitwillworkwithmostdevicesyoualreadyhave,includingsmartphonesandtablets.AlthoughtheTitanlacksbiometricpowersandtheadvancedauthenticationfeaturesofthehigh-endYubiKeys,itshouldbeagreatentrypointfortheaverageconsumer.Itshouldbe,butwehavereservations.WeweredisappointedathowincompleteGoogle'sdocumentationisfortheTitanKey.TheconfusionmaymakeitdifficultforconsumerstojudgewhethertheTitanKeywillmeettheirneeds.WewerealsodisappointedthatMicrosoftrejectedtheTitan.AlthoughthekeyworkedwithTwitterandwilllikelybebroadlyaccepted,we'reworriedaboutthelong-termutilityoftheTitankey.TherearealreadytoomanybarrierstoMFAadoption,andtheuncertaintyGoogleintroduceswiththeTitandoesn'thelp.Theentry-levelYubicoSecurityKeyserieshasnewertechnologiesforless,andthebroadcapabilitiesoftheEditors'ChoicewinnerYubico5CNFCanexcellentchoiceformoreexperiencedbuyers. (Photo:MaxEddy) GoogleUSB-C/NFCTitanSecurityKey 3.0 (Opensinanewwindow) SeeIt $35.00atGoogleStore (Opensinanewwindow) MSRP$35.00 Pros Affordable USB-CandNFCsupported Small,sturdydesign TrustedGooglename ViewMore Cons OlderFIDOU2Fprotocolmaylimititsutility Incompletedocumentation TheBottomLine WithNFCandUSB-C,thelatestTitanSecurityKeyfromGoogleworkswithnearlyeverydevice.Unfortunately,itusesanoldermulti-factorstandardandmightnotworkwitheverysiteandservice. LikeWhatYou'reReading? SignupforSecurityWatchnewsletterforourtopprivacyandsecuritystoriesdeliveredrighttoyourinbox. Email SignUp Thisnewslettermaycontainadvertising,deals,oraffiliatelinks.SubscribingtoanewsletterindicatesyourconsenttoourTermsofUseandPrivacyPolicy.Youmayunsubscribefromthenewslettersatanytime. Thanksforsigningup! Yoursubscriptionhasbeenconfirmed.Keepaneyeonyourinbox! Signupforothernewsletters Advertisement DigDeeperWithRelatedStories 8TechieGiftsfortheSecurityExpertinYourLife By NeilJ.Rubenking TheBestAuthenticatorAppsfor2022 By MichaelMuchmore CanYouSpotaPhishingScam?TakeTheseQuizzestoFindOut By KimKey YouTossedYourCookiesButThey’reStillTrackingYou;Here’sHowtoHideYourBrowserFingerprint By NeilJ.Rubenking PCMagStoriesYou’llLike {X-htmlReplaced} Editors'Choice AboutMaxEddy SeniorSecurityAnalyst Sincemystartin2008,I'vecoveredawidevarietyoftopicsfromspacemissionstofaxservicereviews.AtPCMag,muchofmyworkhasbeenfocusedonsecurityandprivacyservices,aswellasavideogameortwo.Ialsowritetheoccasionalsecuritycolumns,focusedonmakinginformationsecuritypracticalfornormalpeople.IhelpedorganizetheZiffDavisCreatorsGuildunionandcurrentlyserveasitsUnitChair. ReadMax'sfullbio ReadthelatestfromMaxEddy SurfsharkVPNReview AvastSecureLineVPNReview ProtonVPNReview MozillaVPNReview NordVPNReview MorefromMaxEddy Advertisement TableofContents GoogleUSB-C/NFCTitanSecurityKey $35.00atGoogleStore GoogleUSB-C/NFCTitanSecurityKey $35.00atGoogleStore SeeIt (Opensinanewwindow) ReturntoTheTop WhatisMulti-FactorAuthentication? ATitanofIndustry UnderthePlasticSkin Hands-OnWiththeTitanSecurityKey ASlightlyFlawedTitan GoogleUSB-C/NFCTitanSecurityKeySpecs