
In this post, we'll do a deep dive into Google Titan security keys, common authentication use cases, and interacting with the devices programmatically during FIDO2 registration and authentication. FIDO2-based hardware security keys like Google Titan and YubiKey are probably the only known phishing-resistant technologies available today.

Hopefully things will improve once NFC support arrives in the coming months.

Legacy MFA schemes like PIN, SMS/Email OTP, TOTP apps, and mobile push are vulnerable to phishing attempts and malware.

Google Titan Security Key works brilliantly with desktop browsers, but the mobile implementation so far seems to be lacking. The Bluetooth key was actually detected this time, and we got as far as entering the PIN (a six-digit number printed on the back of the key), but the process then ground to a halt and the key refused to connect. The Twitter app apparently doesn’t support security keys, so we tried logging in through a browser. We were able to set up the key to protect our Twitter account on a desktop, but again ran into trouble on mobile.

It’s not yet possible to use the NFC capability with an Android device, so we weren't able to try this as an alternative, but Google says the feature will be coming later this year. My colleagues at Tom’s Hardware had similar trouble getting it to connect to an iPhone. Unfortunately, we ran into difficulty with the Bluetooth key on our Android phone: despite being in pairing mode, the key simply couldn’t be found.
