Imagine unlocking your computer the same way you do a car. That’s right, you have a little fob, and you push the button. And presto! It’s unlocked. (Maybe it even does a little “beep” too. Boy, that’d be great.) Google’s new Titan Key, which I tested this week, is not far from this vision. Developed internally, and now in the hands of more than 85,000 Google employees, the Titan Key has eliminated phishing at the company, according to Google. And now you can buy one yourself for $50.
So what is the Titan Key? It’s kind of like a password you can hold in your hands. Similar to the two-factor authentication that you might use with your phone, when you log in to Google services like Gmail you can type your password, then plug in the key for the second wave of verification–no texting or codes required. Google’s $50 bundle also includes a fob that uses Bluetooth instead of a USB connection, letting you unlock your account by pressing a single button (much like your car). Both devices feel relatively cheap given that they’re made of lightweight plastics, but then again, these aren’t $100 devices. The physicality of the Titan Key isn’t just meant to be a user-friendly metaphor to unlock your accounts–it actually eliminates a hacker’s ability to intercept a phone message in transit and access your account remotely.
In theory, it’s a great idea–so how does the Titan Key work in practice? I was able to set up both the USB and Bluetooth keys in all of a minute through Chrome (Google tells me support for third-party browsers is still in development, all you Firefoxers). Once associated with my Google account, they’re good forever and shouldn’t need to be re-synced.
With my keys set up, I took a deep breath and logged out of Gmail. (When is the last time I did this? I have no idea. WILL I EVER SEE MY EMAILS AGAIN?!?) I typed my password in, and I was brought to the second authorization screen. Once I plugged in my USB Titan Key, it unlocked my account instantly and automatically. Done. It was faster and easier than those text messages I get through my phone. And okay, it was somewhat satisfying to unlock my computer with a key rather than a code; if only I had to literally twist it in my USB slot, I’d be totally sold on the kitsch.
When I tried to repeat the login test with the car-like Bluetooth fob, my account no longer needed the second wave of authorization. That’s because when you authenticate your computer with a Titan Key once, chances are, you won’t need to again, because most of us don’t mandate two-factor authentication with every single login. You can activate this option, however, within your Google settings. And if you already bought the Titan Key and have committed to lugging the thing around on your keychain for the rest of your life, I suspect you’d want to enable two-factor authentication for every login. Because why not?
As it stands now, the Titan Key is a handy piece of technology that’s proven itself at Google, where, according to the company, phishing attacks have been eliminated. But it’s not quite the password revolution most of us crave. Why can’t the Titan Key unlock your entire Google experience? Why do we still need a typed password at all?
The answer is that the Titan Key is based upon a third-party standard, called FIDO, that doesn’t allow it to replace your primary password on an account. But there’s good news. That standard is bigger than Google’s accounts–any service can adopt it–and on top of that, Google does imagine the Titan Key could be promoted from its two-factor authentication duties to become the primary password replacement we’d all want it to be. “[Full password replacement] is part of the next version of the FIDO specification, which Google is actively involved in,” says a spokesperson.
In other words, one day soon, maybe the Titan Key really will be able to unlock your whole digital life.