We live in a world that relies increasingly, if not almost entirely, on digital systems, and with that comes an increase in potential threats to your personal data. While Google does offer the Advanced Security Program, which safeguards users with high visibility and sensitive information from targeted online attacks (think journalists, politicians, human rights activists, etc.), there are other ways to protect yourself and your information beyond this and Google’s excellent, standard account security.
Today, I’m going to be talking about the Titan Security Key, a hardware chip that helps prevent account takeovers from phishing attacks and ensures that no one else can access your device but you. Do keep in mind that you can also set up backup codes and even use an Authenticator app on your phone to get logged in with 2-Step Verification, but going a “step” further than that, did you know that you can also use a standalone device to add an extra layer of separation between you and malicious attempts?
What is a Security Key?
A “security key” can come in several forms, such as Google’s Titan Security Key or, most popularly, the YubiKey brand, and offers many benefits over traditional 2SV or 2FA methods. These keys can sit right on your keychain, and most often have to be physically plugged in via USB-A/NFC or USB-C/NFC (Google discontinued the Bluetooth key and introduced NFC last year).
Google’s Titan Security Chip
– Phishing-resistant two-factor authentication (2FA) devices that help protect high-value users
– Works with popular devices, browsers, and a growing set of apps that support FIDO standards
– Built with a hardware chip (with firmware engineered by Google) to verify integrity of the key
– Available on the Google Store and for bulk orders in select countries
You can also use the Google phone prompt or standard Bluetooth Phone Hub pairing for unlocking your Chromebook, for example, but these hardware keys are superior according to experts as they offer tamper-resistant hardware designed to resist physical attacks aimed at extracting firmware and secret key material.
Google Pixel 6, 6 Pro and the Titan M2 Chip
However, these may not always be something the average user thinks to go and pick up, nor does everyone truly understand these accessories. For that reason, I find it important to mention that Google’s most recent phones – the Google Pixel 6 and 6 Pro – come with the Titan Security Key built right into them, meaning that a load of people who have already purchased these devices can benefit from advanced security without the need for the additional purchase of a standalone keychain accessory.
While Pixel devices have implemented Google’s world-class Titan M Security Chips since the Pixel 3, and all of the company’s phones from that point on have Google’s world-class security on board, the Pixel 6 and Pixel 6 Pro went ahead and built on that to make things so much more secure with the Titan M2.
The Titan M2 is a totally separate custom chip that has more storage, memory, and better cryptography engines for key management. It also has internal SRAM, one-time-programmable (OTP) memory, and uses the open-source Trusty TEE (trusted execution environment), which is sort of like its operating system.
How to add a Security Key to your Google Account
Let’s go ahead and put your Pixel device to work to protect you in new ways. To do so, please keep in mind that you must be running at least Android 10 – something that shouldn’t be a problem for most Pixel users as they get updates first. First things first – visit your Google Account on the web using another device like your Chromebook or desktop and navigate to your Security page.
Then, tap 2-Step Verification, and you’ll be met with the following page showing your options for adding a phone for Google prompts, printing backup codes, enabling the Authenticator app, and adding a security key. Obviously, you’re going to select that last one given its name, and then you should see the following prompting you to “Add security key”. Afterward, a pop-up dialog box with all compatible devices on your Google Account that can be used as security keys should appear.
All you’ll really need to do from this point is select your Google Pixel 6, 6 Pro, or compatible Pixel device and hit the “Next” button. Do keep in mind what we discussed earlier regarding the Titan M vs. the Titan M2, so if you have a Pixel 4 or 3 already on your account, but you also just purchased a newer Pixel 6 or 6 Pro, you’ll want to go with the latter for increased protection.
Pro Tip: Did you know that you can only have one security key on your standard Google Account at a time? If you upgrade to a Pixel 6 or 6 Pro and set it up as a security key, you’ll be prompted to switch from your older device by disabling it in place of the newer one. You can have more than one security key active on an Advanced Security Program account, and can even set up security keys for Google Workspace!
Google will then give you the rundown. You need to keep your phone’s Bluetooth enabled at all times if you want to use it as a security key, since your phone doesn’t plug into your Chromebook or desktop in the same way that a YubiKey or standalone Titan Security Key would. You’ll also need to sign in from Google Chrome or Edge while attempting to access your Google Account. Note that other browsers are not supported!
Tap “Next” to confirm that you understand and agree to this, and then you’ll see that your phone has been added as a security key. You can also follow these steps to add those aforementioned standalone YubiKey or Titan keychain chips. Tap “Next” again, and Google will show you how to sign into your account using your newly set up security key-phone combo.
Using your Pixel phone as a Security Key
It should go without saying that you need to have your phone nearby and within Bluetooth range while signing into your account, as that’s the entire reason we set your phone up this way to begin with, so just tap “Next” one last time to confirm that you understand this as well. You’re all set! You will now see your Pixel 6 or 6 Pro under the “Your security keys” menu that you’re taken back to after viewing this awesome animation which shows the process of signing in with your phone’s security key.
By visiting Google.com and clicking “Sign in” at the top right of the screen or by turning on your Chromebook (which utilizes your Google Account for logging in), you’ll then be met with a 2-Step Verification prompt after entering your password. Go ahead and look at your phone to approve this as seen below, and you’re done!
Using a Security Key with your Chromebook
In order to benefit from this advanced protection on a Chromebook, whether you’re plugging in a Yubico Key or Titan Security Key from your keychain or bringing your newly set up Titan M2-enabled Pixel phone nearby to unlock your laptop, you may need to perform an extra step.
Open the Settings app on your Chromebook and navigate on the left to Security and Privacy. Then, tap or click “Manage other people”. Turn off “Show usernames and photos on the sign-in screen”, and each time you go to sign in, you’ll need to enter your username and password after which you’ll be taken to a pop-up web browser where you’ll perform that two-step verification. You can undo all of this by re-enabling “Show usernames and photos on the sign-in screen”.
Pro tip: If you’re setting up a Yubico Key instead of a Titan Security Key, you can install the Yubico Authenticator app on your Android or iOS device to sign into your Chromebook, but their app doesn’t currently work on chromeOS, according to its official documentation!
Yubico Support
If you need to troubleshoot any 2-step verification issues such as recovering an account protected by it, avoiding account lockout when 2SV is enforced, or using this method with legacy apps, you can visit Google’s Workspace Admin help page which covers all of the nuts and bolts. I hope this is helpful for anyone trying to have more peace of mind with their Google Account, and especially for those who have picked up Google’s new Pixel phone!