November 2018 Android Security Bulletin brings NFC support for Google's Titan Security Key bundle
In late August of 2018, Google took account security to a new level when it started offering the Titan Security Key bundle. This $50 hardware package provided a set of two USB security keys — one with a Bluetooth option and one with an NFC option — using Google's Titan firmware, which is designed to provide an extra layer of security for your account. Recommended for users opting in for Google's Advanced Protection Program, the bundle was designed to be used with any computer, tablet, or smartphone.
One quirk of the launch was the lack of NFC authentication through the key which had the hardware to support it. While other keys from brands like Yubico did offer NFC support, the Titan firmware just wasn't ready and Google released the keys with the promise of a quick update to address the NFC issue. Google has verified to us that the November Android Security Bulletin did indeed patch things up so that NFC is now a supported option when using a Titan branded key to authenticate.
You don't need to be enrolled in Google's Advanced Protection Program to use the Titan bundle to secure your account, and you don't have to use the Titan bundle should you wish to use a security key to authenticate your account. You might want to, though, as Google has adopted one extra layer of protection for its Titan firmware as it relates to your Google account — real-time phishing protection.
Whenever a request is made to log into your Google account, the Titan keys (when used with Chrome) allow the browser to report where you're actually trying to log in. Should the request come from a "fake" site or email that's trying to phish your credentials (imagine something along the lines of www.google.com.co instead of www.google.com) the request is automatically denied.
Security keys offer an excellent two-factor authentication method as well as a great last line of defense against getting locked out of your account should you lose your phone that has both your password manager and authenticator app installed. But even if you forgo the use of a physical security key, always be sure to use a good password (that means one generated from a password manager) and two-factor authentication. One day you just might be glad you did.
No Phishing
Titan firmware protects your account.
Using the same Titan firmware that protects the Pixel 3 and Google's online servers, the Titan Security Key Bundle offers advanced security and two-factor authentication for anyone who wants to take that extra step.
Be an expert in 5 minutes
Get the latest news from Android Central, your trusted companion in the world of Android
Jerry is an amateur woodworker and struggling shade tree mechanic. There's nothing he can't take apart, but many things he can't reassemble. You'll find him writing and speaking his loud opinion on Android Central and occasionally on Threads.