Mark Atwood (fallenpegasus) wrote,

Thoughts on the Google Titan token

The tech press is so excited about Google's "Titan" hardware token, and the breathless statement that they have "never had an account takeover" since rolling it out internally. They are excited about the wrong things, and are being taken for a ride by G's marketing and PR departments.


It's only a FIDO U2F token. I've had one for almost 2 years now, and my current employer issued me one on my first day of work, over a year ago. Mandating 2FA across an enterprise is hardly a new thing.


The actual stories here are:

* Why did Google decide to cut out YubiCo?

* Was it price?

* Was it not-invented-here?

* Did Google not trust YubiCo to not backdoor the YubiKey tokens?

* Did Google want to put their own backdoor into the Titan tokens?

* Did Google license YubiCo's manufacturing patents? (If they did not, it will be really hard to manufacture them cheaper.)

This entry was originally posted at https://fallenpegasus.dreamwidth.org/860320.html. Please comment there using OpenID.