Google to distribute 100,000 Titan Security Keys to high-risk users

Google is distributing another 100,000 free pieces of security hardware to protect people involved in high-risk industries.

Google’s Titan Security Keys work as a “second factor” that can be used after passwords are entered. They can also store passkeys — which let users sign in to apps and sites the same way they unlock their devices: with a fingerprint, a face scan or a screen lock PIN.

With Titan Security Keys, users can store passkeys for accounts beyond Google, including Microsoft. It uses FIDO2 technology, a security standard for authentication on the web.

Google rolled out the product at the Aspen Cyber Summit in New York City and said throughout 2024 it plans to hand out 100,000 keys at no cost to people working in governments around the world, particularly those involved in the administration of elections.

Many of the high risk users are part of Google’s Advanced Protection Program (APP), which protects prominent people like activists, journalists and more from online attacks.

The company already handed out the same number of keys in 2023. Google said it is working with non-profits like Access Now, Defending Digital Campaigns, Freedom House, the International Foundation of Electoral Systems, Internews and PUBLIC on the effort.

"For the people we serve at Defending Digital Campaigns (DDC), high risk users on political campaigns, using FIDO2 security keys as part of implementing the strongest authentication possible, is our number one recommendation,” said Michael Kaiser, President and CEO of Defending Digital Campaigns, an organization that helps political campaigns and parties protect themselves online.

Defending Digital Campaigns has sessions scheduled with both parties in early December to explain security measures needed for the upcoming elections in 2024.

“Our partnership with Google, which allows us to provide keys to federal campaigns for free, has had a significant impact in increasing cybersecurity in the political sector."

Google officials said they embarked on this effort due to persistent concerns about stolen passwords. The first Titan Security Key was released in 2018.

“We think the best way to eliminate the risks of passwords is to get rid of them altogether,” Google said. “Passkeys are a simpler, safer way to sign into your accounts - without the need for a password. They use FIDO2 credentials and cryptography, so you can use your existing devices to securely confirm who you are.”

Carlos Guerra, Internews’ Technical Advisor on Digital Security Programs, said adopting two-factor authentication is one of the most significant steps people can take to protect their online accounts, which have been increasingly targeted over the years at all levels and professions.

Depending on the threats they are dealing with and the situations they are in, physical security keys, including those that use FIDO 2 technology, can be especially helpful tools for high-risk human rights defenders and civil society organizations, but getting them can be difficult due to cost and logistics, Guerra explained.

“Big distribution programs like Google's are important in getting secure tools to the people who really need them,” Guerra added.