We live in a world that increasingly – no… almost entirely relies on digital systems, and with that comes an increase in potential threats to your personal data. Although Google offers the Advanced Security Program, which protects highly visible users with sensitive information from targeted online attacks (think journalists, politicians, human rights activists, etc.), there are other ways to protect yourself and your information beyond that and Google’s excellent standard account security.
Today I’m going to talk about the Titan Security Key – a hardware chip that helps prevent account takeovers from phishing attacks and ensures that no one but you can access your device. Keep in mind you can also set up backup codes and even use an Authenticator app on your phone to sign in with 2-step verification, but going beyond that, did you know you can also use a standalone device to add an extra layer of separation between you and malicious attempts?
What is a security key?
This “security key” can come in many forms, such as Google’s Titan Security Key or, most popularly, the YubiKey brand, and offers many advantages over traditional 2SV or 2FA methods. These keys can sit right on your keychain, come in USB-A/NFC or USB-C/NFC versions, and most often need to be physically plugged in (Google ditched the Bluetooth dongle and introduced NFC last year).
Google Titan Security Chip
– Phishing-resistant two-factor authentication (2FA) devices that help protect high-value users
– Works with popular devices, browsers and a growing set of apps that support FIDO standards
– Built with a hardware chip (with firmware designed by Google) to verify the integrity of the key
– Available on the Google Store and for grouped orders in some countries
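Why a FIDO key resists phishing, as an added example that is not from the original article or from Google: the browser records the origin of the page in the data the key signs, so a login relayed through a look-alike site fails the relying party's checks. The domain names and helper functions are constructed, and signature verification is omitted to keep the sketch to the Python standard library.

```python
import base64, hashlib, hmac, json, struct

RP_ID = "accounts.example"                    # constructed relying-party ID
EXPECTED_ORIGIN = "https://accounts.example"  # constructed legitimate origin

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def make_assertion(origin: str, rp_id: str, challenge: bytes, counter: int = 1):
    """Constructed stand-in for what the browser and key return (no signature)."""
    # The browser, not the page, fills in the origin it is actually showing.
    client_data = json.dumps({"type": "webauthn.get",
                              "challenge": b64url(challenge),
                              "origin": origin}).encode()
    flags = 0x01  # UP bit: the user touched the key
    # authenticatorData = SHA-256(rpId) || flags (1 byte) || signCount (4 bytes)
    auth_data = hashlib.sha256(rp_id.encode()).digest() + struct.pack(">BI", flags, counter)
    return client_data, auth_data

def check_assertion(client_data: bytes, auth_data: bytes, challenge: bytes) -> list:
    """Relying-party checks; returns the names of failed checks (empty = accept)."""
    failures = []
    cd = json.loads(client_data)
    if cd.get("type") != "webauthn.get":
        failures.append("type")
    if cd.get("challenge") != b64url(challenge):
        failures.append("challenge")
    if cd.get("origin") != EXPECTED_ORIGIN:
        failures.append("origin")
    if len(auth_data) < 37:
        return failures + ["authData length"]
    rp_id_hash, flags, _count = struct.unpack(">32sBI", auth_data[:37])
    if not hmac.compare_digest(rp_id_hash, hashlib.sha256(RP_ID.encode()).digest()):
        failures.append("rpIdHash")
    if not flags & 0x01:
        failures.append("user presence")
    return failures

def demo():
    challenge = bytes(range(32))  # constructed; a real server uses random bytes
    real = make_assertion(EXPECTED_ORIGIN, RP_ID, challenge)
    # Look-alike site relays the real challenge, but the browser reports its origin.
    fake = make_assertion("https://accounts-example.test", "accounts-example.test", challenge)
    return check_assertion(*real, challenge), check_assertion(*fake, challenge)

if __name__ == "__main__":
    print(demo())  # ([], ['origin', 'rpIdHash'])
```

In a real deployment the key's signature covers the authenticator data and a hash of the client data, so a relaying site cannot rewrite the origin or RP ID hash without invalidating the signature.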
You can also use Google Phone Prompt or standard Phone Hub Bluetooth pairing to unlock your Chromebook, for example, but these hardware keys are superior according to experts because they offer tamper-proof hardware designed to resist physical attacks aimed at extracting the secret key and firmware.
Google Pixel 6, 6 Pro and the Titan M2 chip
However, it might not always be something the average user thinks to go for, and not everyone really understands these accessories. For this reason, I find it important to mention that Google’s most recent phones – the Google Pixel 6 and 6 Pro – come with the Titan Security Key built-in, which means that a large number of people who have already purchased these devices can benefit from advanced security without the need for the additional purchase of a standalone keychain accessory.
Pixel devices have included Google’s world-class Titan M security chips since the Pixel 3, and all of the company’s phones from then on have had that security on board, but the Pixel 6 and Pixel 6 Pro went ahead and built on that to make things even more secure with the Titan M2.
The Titan M2 is a completely separate custom chip that has more storage, memory, and better cryptographic engines for key management. It also has internal SRAM, One Time Programmable Memory (OTP), and uses the open-source Trusty TEE (Trusted Execution Environment), which acts much like its operating system.
Let’s go ahead and put your Pixel device to work protecting you in new ways. To do this, keep in mind that you need to be running at least Android 10 – something that shouldn’t be a problem for most Pixel users as they receive updates first. First, visit your Google account on the web using another device like your Chromebook or desktop computer and go to your Security page.
Next, tap 2-Step Verification and you’ll see a page showing your options for adding a phone for Google prompts, printing backup codes, activating the Authenticator app, and adding a passkey. Obviously, you will select the latter, and you should then see a prompt to “Add a security key”. Next, a pop-up dialog should appear listing all compatible devices in your Google account that can be used as security keys.
All you’ll really need to do from this point is select your Google Pixel 6, 6 Pro or compatible Pixel device and hit the “Next” button. Keep in mind what we discussed earlier regarding the Titan M vs the Titan M2, so if you have a Pixel 4 or 3 already on your account, but you also just purchased a newer Pixel 6 or 6 Pro, you’ll want to go with the latter for added protection.
Pro tip: Did you know that you can only have one security key on your standard Google Account at a time? If you’re upgrading to a Pixel 6 or 6 Pro and setting it up as your passkey, you’ll be prompted to switch from your older device by disabling it instead of the newer one. You may have multiple security keys active on an Advanced Security Program account, and can even configure security keys for Google Workspace!
Google will then give you a summary. You must keep your phone’s Bluetooth turned on at all times if you want to use it as a passkey, because your phone does not plug into your Chromebook or desktop computer the same way a YubiKey or standalone Titan key does. You will also need to sign in from Google Chrome or Edge when trying to access your Google Account. Note that other browsers are not supported!
Tap “Next” to confirm that you understand and accept this, then you will see that your phone has been added as a security key. You can also follow these steps to add the aforementioned standalone Yubikey or Titan keychain chips. Tap “Next” again and Google will show you how to sign in to your account using your newly configured security key-phone combo.
Using your Pixel phone as a passkey
It goes without saying that you need to have your phone nearby and within Bluetooth range when logging into your account, as this is why we set your phone up this way to begin with, so just hit “Next” one last time to confirm that you understand this too. You’re all set! You’ll now see your Pixel 6 or 6 Pro in the “Your Security Keys” menu that you’re taken to after viewing this awesome animation that shows the sign-in process with your phone’s security key.
When you visit Google.com and click “Sign in” at the top right of the screen, or turn on your Chromebook (which uses your Google account to sign in), you will receive a 2-step verification prompt after entering your password. Go ahead and look at your phone to approve this as seen below, and you’re done!
Using a passkey with your Chromebook
In order to get this advanced protection on a Chromebook, whether you plug in a Yubico Key or a Titan Security Key from your keychain, or bring your newly configured Titan M2 compatible Pixel phone nearby to unlock your laptop, you may need to do an extra step.
Open the Settings app on your Chromebook and navigate to Security & Privacy on the left. Next, tap or click “Manage other people”. Disable “Show usernames and photos on the login screen”, and each time you log in, you will be required to enter your username and password, after which you will be redirected to a web browser popup where you will perform this two-step verification. You can undo all of this by re-enabling “Show usernames and photos on the login screen”.
Pro tip: If you set up a Yubico Key instead of a Titan Security Key, you can install the Yubico Authenticator app on your Android or iOS device to log in to your Chromebook, but their app does not currently work on ChromeOS, according to its official documentation!
If you need to troubleshoot 2-Step Verification issues, such as recovering an account protected by it, avoiding account lockout when 2SV is applied, or using this method with legacy apps, you can visit the 2SV page in Google Workspace Admin help, which covers all the details. Hope this is helpful for anyone trying to get more peace of mind with their Google Account, and especially for anyone who picked up Google’s new Pixel phone!