Token2.com corporate blog
Information Security
May 15

Google informs users about a vulnerability with their Titan Security keys


Titan Security Keys are marketed as phishing-resistant two-factor authentication (2FA) devices that help protect high-value users such as IT admins. They have been around for quite some time and have been widely promoted as the most secure second-factor device ever, both by Google itself and by the media.

However, a particular model of Titan (BLE) turns out to be not very secure: today, Google sent a message to G Suite administrators whose users are supposedly using the affected devices, recommending that the devices be replaced.



While the details of the vulnerability are not disclosed and it is not even clear whether this is a severe security issue at all, this incident shows again that there can never be a 100% secure method, and as usual, security-savvy users should keep abreast of the latest reports. So, if you happen to use any Google Titan Keys or Feitian MultiPass BLE U2F keys (both appear to be the same product), it is recommended to replace them with something more reliable (a TOTP token, for example).

UPDATE: Regular users (non-G Suite) were also informed
UPDATE2: This appears to be a security issue indeed
UPDATE3: Feitian launches a replacement program
