Concerns about Chinese manufacturer of Google’s Titan Security Key

Last week, Google announced that the Titan Security Key would finally be available to everyone. The physical security key provides a two-step verification that would not be susceptible to phishing. But now it turns out that the key is produced in China and there are concerns about its safety.

Motherboard states that Google does not produce the Titan key itself. Instead, it uses a third party; Feitian Technologies. This is a Chinese company that produces all kinds of 2fa products. It already sells it in Western countries, but because it is originally a Chinese company, there are still some safety concerns.

Physical security

Some security experts are critical about Google’s choice to have the whole thing put together in China. One of the concerns lies in the simple fact that Chinese legislation means that companies have to cooperate with requests from the security services. This means that Feitian may be forced to install a back door in the Titan keys.

At the same time, Google states that the risk of abuse is small. The company adds the firmware to the chips in a familiar environment and delivers it to the manufacturer. It therefore monitors the functioning of the device itself. They are also permanently sealed hardware chips. As a result, no one would be able to access the chips and make changes.

How Titan works

Basically, the Titan Security Key is very simple. Two-step verification is used, whereby a user has to confirm his or her identity in two ways. First of all, users log in with their login name and password. Then they can confirm their identity in two ways.

On computers, they have to place Titan, which is a physical usb key. If someone wants to log in via a mobile device, they must use the supplied Bluetooth or NFC key. Google itself states that since its employees have to use Titan to log into their account, there have been no successful phishing attacks.