Titan security Key is a physical security token launched by Google last July for protecting highly valued systems accounts. It is designed to be a phishing-resistant and a two-factor authentication key to ensure the utmost security. As you pair it with any devices, you would require two passwords to unlock your accounts. It works well on any browser and growing ecosystem of services that qualifies FIDO standards that is Fast ID Online (FIDO) technology ensuring strong authentication. This Titan branded security keys are sold only in the U.S, but in other countries, it is sold under their original brand Feitian brand.
Titan Security keys are built by a chip, where its firmware engineered by Google to ensure the integrity of the key. Titan security keys are also built on pixel 3 and pixel 3a phones which includes tamper resistant Titan M security chip that allows protection of work-related things and as well as personal Google accounts.
However now Google says that they would replace all the Titan Security keys as they have found some vulnerability with the key’s Bluetooth Pairing service. Where the hackers can access the device across 30 feet from the device and can either hack the user accounts or get hands on to the devices. This issue is only for the Titan Security Key with Bluetooth pairing service and not for the other key that works through NFC or USB. Also, Google said that this vulnerability was initially found by Microsoft and they reported to the companies that design the product.
Users can confirm if their Titan Security is vulnerable or not through Google’s replacement website by having their accounts signed in, this websites also provide the procedure to proceed with the replacement. Also if the users see T1 or T2 displayed at the back of the key, it means the key is vulnerable, so they have to proceed with the replacement process.
Feitian brand users also can check the vulnerability of their device through Google’s replacement site. However, the replacement keys will be provided by the Feitian itself.
Google suggest their users not to use the key in public places, where attackers can get hands on it. And as well Google recommends to continue using the key rather stop using it, as this would be more secure when compared to not using the key at all. However, it advises the user to just unpair the device once after getting connected to their accounts until the users receive the new replacement security key.
The Titan security key will stop working if the user pairs it with IOS 12.3 version of Apple devices. And once after the user sign in they are not supposed to sign out, because they would not be able to sign back again until they get the new security key. However in case if the account is locked, the user can unlock it by following the instructions provided in the Help Center of Google’s account help. For Android devices, once they get their June security patch the affected keys will be automatically unpaired as they get connected.