

emphasised to Motherboard how the firmware improves the security of its Titan keys. (On a related note, in a tweet Stamos pointed to backdoors the NSA introduced into products from Cisco.) Generally speaking, one concern is that the Chinese government could potentially force Feitian to introduce some form of backdoor into the devices, or intercept the keys themselves and tamper with them, allowing the government to then access accounts of targets, for instance. Motherboard granted the source anonymity because they were not authorized to talk to the press. “The supply chain in China often is dictated by government policy,” the head of a security team based in a global, multi-billion dollar company said. That Chinese link is what concerns multiple senior security staff, though.

Legally, Google is the manufacturer, but the company contracts with the third party to produce the keys, Google said.

Google confirmed to Motherboard that Feitian does make the keys, and that Google does not see an issue with working with them. Several different companies provide such tokens, and Google has previously said security keys are the reason none of its over 85,000 employees have been successfully phished since early 2017. But the Titan key isn’t really made by Google, at least exclusively. Hardware security tokens are used for locking down online accounts, such as email or cloud storage.

You also have the option to edit each security key’s name or to delete it.

“I think it would be great if they documented their supply chain process,” Alex Stamos, Facebook’s former CISO and now at Stanford University, told Motherboard.

The key’s name defaults to “Security Key” unless you choose a custom name. You’ll also find more info such as the key's name, the date it was added, and the date it was last used. There, you’ll find a list of the keys you’ve added, from the most recent to the oldest. You can manage your security keys under your 2-Step Verification settings. Tip: You can use your key each time you sign in or skip using it on devices you trust. This type of key turns off after each use. If your key has none of these features, you may need to remove and reinsert it. If your key has a gold tip, tap and then press it. If you see a message from "Google Play services," select OK. Connect your key to the USB port in your computer. Your device will detect that your account has a security key. On your computer, open a compatible browser like Chrome, Firefox, Edge, or Opera.
