?

Log in

No account? Create an account
entries friends calendar profile My Website Previous Previous Next Next
Thoughts on the Google Titan token - Mark Atwood
10:51 am July 26th, 2018
fallenpegasus
fallenpegasus
Share
Thoughts on the Google Titan token
The tech press so excited about Google's "Titan" hardware token, and the breathless statement that they have "never had an account takeover" since rolling it out internally. They are excited about the wrong things, and are being taken for a ride by G's marketing and PR departments.


It's only a FIDO U2F token. I've had one for almost 2 years now, and my current employer issued me one on my first day of work, over a year ago. Mandating 2FA across an enterprise is hardly a new thing.


The actual stories here are:

* why did Google decide to cut out YubiCo?

* Was it price?

* Was it not-invented-here?

* Did Google not trust YubiCo to not backdoor the YubiKey tokens?

* Did Google want to put their own backdoor into the Titan tokens?

* Did Google license YubiCo's manufacturing patents? (If they did not, it will be really hard to manufacture them cheaper.)

This entry was originally posted at https://fallenpegasus.dreamwidth.org/860320.html. Please comment there using OpenID.
Leave a comment
profile
Mark Atwood
Name: Mark Atwood
Website: My Website
calendar
Back August 2018
1234
567891011
12131415161718
19202122232425
262728293031
page summary
tags