For those who want the strongest protections against getting their accounts hacked, Google began selling a new model of its Titan hardware security keys Tuesday that plugs into a USB-C port. The new $40 model will work in devices with newer USB-C ports -- most notably Android phones that in the past needed adapters or other wireless techniques.
Hardware security keys are catching on with services from Microsoft, Google, Facebook, Twitter, GitHub and Dropbox to make it harder for attackers to gain access to your account. To use them, you typically have to insert one into a USB port after entering your password. That stops attackers who might have your username and password through a security breach. And it's a step toward dumping passwords altogether, when used in combination with biometric systems like fingerprint and face identification.
Google's new Titan keys are built by Yubico, a Swedish company that pioneered the technology and helped Google and others build standards to use it like FIDO2 and WebAuthn. However, the Titan model -- in addition to being white instead of black like Yubico's own YubiKey products -- has Google's firmware, said Christiaan Brand, a product member of Google Cloud's identity and security team, in a blog post.
Google's earlier Titan security keys used old-style USB-A ports and Bluetooth or NFC (near field communication) wireless links. Apple's iPad Pro tablets have USB-C ports but don't support the keys, at least not yet. Adding a USB-C option means Google's options are better aligned with the future of computing ports: USB-C is spreading fast across the tech industry now.
The keys cost money, though, especially if you're buying a few for work, home, your keychain and a safe deposit box. Google's cheapest Titan key costs $25. Google is trying to make the technology more accessible by letting you use your Android phone as a security key too.