You can buy Google’s $50 set of Titan security keys now | Cyber Security

Google just made its Titan security keys available on its store.

The $50 set comes with both the USB and Bluetooth versions of the Titan security key. CNET got an exclusive hands-on with the Titan keys when Google announced them in July and we tested them out with Gmail, Twitter and Facebook accounts.

You can buy them now from the Google Store online if you live in the US, and they’ll be coming to more countries soon, Google said. If you only want an individual key, Google only offers it for enterprise customers for now, the company said.

The security keys come at a time when phishing attacks are running rampant, with more than 40 percent of breaches happening due to lost passwords.

Phishing attacks are when hackers send deceiving emails intended to trick victims into typing in their passwords. These sophisticated schemes have hit inboxes belonging to politicians, celebrities and banks, but they also frequently target everyday people online.

In a study, Google found that half of its participants fell for phishing pages, said Christiaan Brand, a Google product manager for identity and security. While you’d like to think you can tell the difference between actual emails and phishing attempts, often times it’s too difficult, said Sam Srinivas, a product management director for information security at Google.

“Today in phishing, we tell people make sure you’re looking at the right URL. That’s an unfair burden on the user,” he said.

Security keys are designed to remove that burden by offering an extra layer of security after typing in your password, he added.

These keys are a form of two-factor authentication — which can also be offered through typing in a PIN code sent to your phone or approving access through an app. Two-factor authentication is an important protection against hackers because even if your password is stolen, attackers would need the second element to access your accounts.

Security keys kick it up a notch by making the second factor something physical that you can hold in your hands. They’re also able to tell you if the website you’re visiting is a fake version. Google — as well as multiple security experts — believe keys are more secure than using codes sent to your devices because a physical key is much harder for hackers to steal than a digital code.

In July, Google boasted that since it adopted security keys, none of its 85,000-plus employees had their accounts hacked. Security keys aren’t a new technology, as companies like Yubico and Feitian also offer the service, sometimes at a cheaper price.

While the Titan Key has NFC capabilities, you won’t be able to touch and tap it on your Android phone to use it yet. That’s because Android devices need an update to enable that, Brand said.

But even Google admits that the security key might not be for everyone. The security keys add an advanced level of protection, which Google recommends for highly targeted people, like politicians and activists. For the average person, it might be a different story.

“For generic users, Google is pretty good at blocking more than 99 percent of fraudulent activity and access to accounts, so security keys might not be the right fit at this moment,” Brand said.  

Taking It to Extremes: Mix insane situations — erupting volcanoes, nuclear meltdowns, 30-foot waves — with everyday tech. Here’s what happens.

Security:  Stay up-to-date on the latest in breaches, hacks, fixes and all those cybersecurity issues that keep you up at night.