Mark Atwood (fallenpegasus) wrote,
Mark Atwood
fallenpegasus

Thoughts on the Google Titan token

The tech press so excited about Google's "Titan" hardware token, and the breathless statement that they have "never had an account takeover" since rolling it out internally. They are excited about the wrong things, and are being taken for a ride by G's marketing and PR departments.


It's only a FIDO U2F token. I've had one for almost 2 years now, and my current employer issued me one on my first day of work, over a year ago. Mandating 2FA across an enterprise is hardly a new thing.


The actual stories here are:

* why did Google decide to cut out YubiCo?

* Was it price?

* Was it not-invented-here?

* Did Google not trust YubiCo to not backdoor the YubiKey tokens?

* Did Google want to put their own backdoor into the Titan tokens?

* Did Google license YubiCo's manufacturing patents? (If they did not, it will be really hard to manufacture them cheaper.)

This entry was originally posted at https://fallenpegasus.dreamwidth.org/860320.html. Please comment there using OpenID.
Subscribe

  • Razors

    I'm getting ads for I think five different "all metal" "get the best shave of your life" "throw away the plastic" razor startups. They all seem to be…

  • Doing what needs to be done

    On May 1st, one of my co-residents found one of the feral rabbits that live in the area cuddled up against a corner of the house. It was seriously…

  • The CTO of Visa, after listening to me present

    Some years ago, I was asked to travel to the corporate meeting center to present at a presentation-fest to the CxO staff of Visa. Yes, the one with…

  • Post a new comment

    Error

    Comments allowed for friends only

    Anonymous comments are disabled in this journal

    switch
    default userpic

    Your reply will be screened

    Your IP address will be recorded 

    Help
  • 0 comments