SIM-swapping hasplagued cryptocurrency holdersfor close to a year, and now Googles head of account security has had enough.
He wants to put a stop to it with a clever gadget the size of a flash drive.
Anovert reliance on SMS-based two-factor authentication(2FA) systems has only compounded the problem.
40% off TNW Conference!
Google is one of many tech giants to present a solution.
This can be done via USB, NFC, or Bluetooth.
A button then is pressed on the Key which will cryptographically register the gear to a user account.
We commissioned some research several years ago about spam, Mark told Hard Fork.
The expected yield on one of those break-ins was thousandths (or tens of thousandths) of a penny.
It was insignificant gain so it only worked at scale.
Theres no code that sends over the airwaves, nothing is sent to the telcos, said Mark.
The Titan Key that is physically present makes SMS a non-threat, he continued.
A SIM-swapper taking over a phone number is not going to give an advantage to the attackers.
It is a far more robust form of 2FA than simply relying on a one-time code sent via SMS.
This means users cant exactly secure their Coinbase accountsdirectlywith a Titan Key.
OK but how are they different from other security keys?
Hard Fork asked the difference between Googles Titan Keys and other similar solutions out on the market.
RSAs SecurID a physical dongle that displays a 6-digit code to be used when logging into accounts is one.
Googles own Authenticator app is another.
They then jot down in that code, and that does the authentication, he explained.
In this scenario, all the burden of proof rests solely with the user.
Thats different with the Titan Keys; Google designed its firmware to detect when a user is being phished.
Its worth mentioning there arepretty similar (and cheaper) alternatives on the market, most notably Yubikey.
By all accounts the Yubikey seems great but even recent versions dont support wireless connection via Bluetooth.
Someone who you would work with and knew by name.
He also added that most cryptocurrency exchanges are pretty young companies.
Wait, didnt a Google Twitter get hacked by Bitcoin scammers?
Ironically, Hard Fork reported on a related matter a few months back involving a hacked Google Twitter account.
This was through some service provider and Im not really sure of their relationship.
Another dampener is that Titan Keys are currently region-locked they can only be sold in the US.
He’s currently on the finance beat.
