Thoughts on the Google Titan token: fallenpegasus

Thoughts on the Google Titan token

The tech press so excited about Google's "Titan" hardware token, and the breathless statement that they have "never had an account takeover" since rolling it out internally. They are excited about the wrong things, and are being taken for a ride by G's marketing and PR departments.

It's only a FIDO U2F token.  I've had one for almost 2 years now, and my current employer issued me one on my first day of work, over a year ago.  Mandating 2FA across an enterprise is hardly a new thing.

The actual stories here are:

* why did Google decide to cut out YubiCo?

* Was it price?

* Was it not-invented-here?

* Did Google not trust YubiCo to not backdoor the YubiKey tokens?

* Did Google want to put their own backdoor into the Titan tokens? 

* Did Google license YubiCo's manufacturing patents?  (If they did not, it will be really hard to manufacture them cheaper.) 

This entry was originally posted at https://fallenpegasus.dreamwidth.org/860320.html. Please comment there using OpenID.

Post a new comment
Error

Comments allowed for friends only

Anonymous comments are disabled in this journal
We will log you in after post

We will log you in after post

We will log you in after post

We will log you in after post

We will log you in after post

Anonymously

switch

LiveJournal

Facebook

Twitter

OpenId

Google

MailRu

VKontakte

Anonymously

default userpic

Your reply will be screened

Your IP address will be recorded

Preview comment

Help
0 comments

Post a new comment
0 comments

Log in

Thoughts on the Google Titan token

Error