Phishing—when an attacker tries to trick you into giving them your credentials—is a common threat to all online users. Google's automated defenses securely block the overwhelming majority of sign-in attempts even if an attacker has your username or password, but we always recommend you enable two-step verification (2SV) to further protect your online accounts.
There are many forms of 2SV—from text (SMS) message codes, to the Google Authenticator app, to hardware second factors like security keys. And while any second factor will greatly improve the security of your account, for those who want the strongest account protection, we’ve long advocated the use of security keys for 2SV.
Titan Security Key
Titan Security Keys have extra “special sauce” from Google—firmware that’s embedded in a hardware chip within the key that helps to verify that the key hasn’t been tampered with. We’ve gone into more detail about how this works on the Google Cloud blog.
It’s easy to get started with Titan Security Keys. Kits of two keys (one USB and one Bluetooth) are now available to U.S. customers on the Google Store and will be coming soon to additional regions.
To set them up with your Google Account, sign in and navigate to the 2-Step Verification page (see detailed instructions on our help center). Titan Security Keys are also compatible with the Advanced Protection Program, Google's strongest security for users at high risk. And Google Cloud admins can enable security key enforcement in G Suite, Cloud Identity, and Google Cloud Platform to ensure that users use security keys for their accounts.