Recently I've been performing a personal online security audit. It sounds more tedious than it is (I actually enjoy it), but it really is essential to take that extra effort to protect yourself and your loved ones from the big baddies online trying to steal your sensitive data. Strong passwords help, and so do security codes, but there's nothing better than being the only person with the key. Let's talk about it.
Aren't SMS security codes enough?
Many sites support SMS multi-factor authentication, aka enter your phone number and you'll receive a text with a super secret code. Shoot, Apple even made it super easy and auto-populates it for you in Safari. But, while it is a form of two-factor authentication, I started feeling a bit hesitant about giving every website my phone number. Don't you? What if they got hacked? That's not something I can control. Spam texts and calls are annoying enough that I really struggle to hand over my number. In fact, lots of security experts are suggesting people stop using SMS security codes.
The next step is using two-factor and multi-factor authentication. I'm already using multi-factor authentication on many of my online accounts where available, and thanks to 1Password, this has become even easier. The app can automatically generate codes and, like Apple, it auto-populates them when I need them, all without me having to hand over my personal phone number.
However, there are still some sites where I would like another layer of security, to take that extra step and make sure I am the only person who can log in to an online account, and that's where the Google Titan Security Key comes in.
Another security key, but not the primary one
The Titan is a small USB-C (or USB-A) device that can be used to authenticate your accounts by either plugging into your phone/laptop or using NFC. It's $35 for the USB-C option (that's what I got), so it's not going to break the bank and is a great way to add another authentication option to your online accounts.
Also, notice I said another authentication method.
Many sites allow you to register multiple authentication methods: SMS, push notifications to an app like Okta or Authy, creating a security code through apps like Google Authenticator, or a physical key like the Titan. Personally, I like adding multiple methods. If you leave your phone at home, you can use your key. If you leave your keys at home, you always have your phone. Left both at home? That's where 1Password comes in.
When would I use this?
I'm not dealing with top secret information, so what sites would possibly warrant something like that? Here are a few:
- My main email. You know, the one I use to log into my bank accounts and receive very important notifications and documents.
- Anything tied to my Social Security number: IRS, TSA PreCheck, or Global Entry accounts
- Any website tied to my money: bank and investment accounts, crypto accounts, and digital wallets
- Any site tied to important information: TurboTax, H&R Block, my work accounts, client accounts
These are all sites that are important to you and that could be valuable to other people should they obtain access.
What are other options?
If you want alternatives to the Titan, Yubico makes a wide range of security keys depending on your budget and preferences. The Wirecutter also compared the Yubico keys to the Titan, so you can check that out if you want to compare before buying.
I am by no means an online security expert, nor am I saying the Titan is the best security key out there. There are people smarter than me who have access to many other security key options. Personally, I picked the Titan for a few reasons:
- I use Google products and services at home and at work, so compatibility-wise, I should be covered there
- It's small, compact, and works with Android and iPhone using USB-C or NFC
- I, like many others, use Google Chrome, and Chrome has the ability to use a physical key for MFA
Make sure to consider the sites you intend to use this with and which security key protocols they are compatible with, so you can be sure to purchase the right one.
Why I Bought This Tech
Mr. Ted was the head janitor at my elementary school. He knew the school inside and out and was the coolest person in the building because he had all the keys. There was not a door in the building Mr. Ted could not unlock. And, when we had school assemblies and events, he would pick students to stay after lunch and help move the tables and set the cafeteria.
Mr. Ted made us feel safe and super cool because we knew what was behind those locked doors. Chairs and tools are important things for adults, but not for 4th and 5th graders, if we're being honest. But if Mr. Ted knew your name, you were one of the cool kids.
This Titan key makes me a bit like Mr. Ted. One person with the key to all the important things in my family's life online.
If you like this kind of nerdy stuff, you might like my previous post as well.