November 2018 Android Security Bulletin brings NFC support for Google's Titan Security Key bundle

Google Titan Security Key
Google Titan Security Key (Image credit: Android Central)

In late August of 2018, Google took account security to a new level when it started offering the Titan Security Key bundle. This $50 hardware package provided a set of two USB security keys — one with a Bluetooth option and one with an NFC option — using Google's Titan firmware, which is designed to provide an extra layer of security for your account. Recommended for users opting in for Google's Advanced Protection Program, the bundle was designed to be used with any computer, tablet, or smartphone.

One quirk of the launch was the lack of NFC authentication through the key which had the hardware to support it. While other keys from brands like Yubico did offer NFC support, the Titan firmware just wasn't ready and Google released the keys with the promise of a quick update to address the NFC issue. Google has verified to us that the November Android Security Bulletin did indeed patch things up so that NFC is now a supported option when using a Titan branded key to authenticate.

You don't need to be enrolled in Google's Advanced Protection Program to use the Titan bundle to secure your account, and you don't have to use the Titan bundle should you wish to use a security key to authenticate your account. You might want to, though, as Google has adopted one extra layer of protection for its Titan firmware as it relates to your Google account — real-time phishing protection.

Even if you don't want to use a physical security key, using a good password and 2Fa is a no-brainer.

Whenever a request is made to log into your Google account, the Titan keys (when used with Chrome) allow the browser to report where you're actually trying to log in. Should the request come from a "fake" site or email that's trying to phish your credentials (imagine something along the lines of instead of the request is automatically denied.

Security keys offer an excellent two-factor authentication method as well as a great last line of defense against getting locked out of your account should you lose your phone that has both your password manager and authenticator app installed. But even if you forgo the use of a physical security key, always be sure to use a good password (that means one generated from a password manager) and two-factor authentication. One day you just might be glad you did.

Jerry Hildenbrand
Senior Editor — Google Ecosystem

Jerry is an amateur woodworker and struggling shade tree mechanic. There's nothing he can't take apart, but many things he can't reassemble. You'll find him writing and speaking his loud opinion on Android Central and occasionally on Twitter.