How to secure your Google account with Titan Security Keys (Free for Pixel owners)
Events are still unfolding as I write this, but currently, there are many hacked YouTube channels. They are actively streaming a SpaceX interview with Elon Musk but have a large Bitcoin and Ethereum QR code with various promises of large payouts. This is a scam!
What is scary, is that there are over 40 000 people watching this particular live stream having allegedly paid over $4000 in bitcoins so far according to a tweet by the channel owner, Jon Prosser.
While this has been reported by many people to YouTube on Twitter, the stream is still live many hours later. As per Jon’s Tweet, YouTube replied with a “fill in the form and in a couple of weeks we will get back to you” (I am paraphrasing).
Jon is technical. He had 2 Factor Authentication enabled. He followed the rules. So how did his channel get hacked?
As per Jon’s tweet, it seems like the hackers did a SIM SWAP. The essentially convinced his service provider to transfer his number onto a new SIM card. A SIM card that will now receive the 2 Factor Authentication password. Once they had that and I am assuming his password to his channel, they were able to log in and delete his channel.
So how do you protect your channel?
How do you protect your Google Account which is the base account that runs your YouTube channel, your Gmail, Your Google Drive and everything else Google Related?
Clearly, 2-Factor Authentication is not good enough so its time to move to the next level which is the Titan Security Keys.
Titan Security works with “Security keys that use public-key cryptography to verify a user’s identity and URL of the login page ensuring attackers can’t access your account even if you are tricked into providing your username and password.”
How is that different than normal 2-Factor Authentication?
According to Google’s Titan site, “Titan Security Keys are built with a hardware chip that includes firmware engineered by Google to verify the key’s integrity. This helps to ensure that the keys haven’t been physically tampered with.”
In other words, there needs to be a physical device connected that after you put in your username and password, the physical device has the key that unlocks your account. Therefore, in order for someone to access your account, they would need this physical hardware. It’s the physical key to the online world.
There are three types of keys you can buy:
USB-A/NFC Security Key – For use with your computer. You can also connect to most Android and iOS devices that support USB or NFC.
USB-C Security Key – For use with your computer. You can also connect to most Android and iOS devices that support USB.
Bluetooth/NFC/USB Security Key – For use with Android and iOS devices. You can also use the Micro USB to USB-A connecting cable to connect to your computer.
The Titan Security Keys work with Google phones, Chromebooks, tablets, Google’s Advanced Protection Program, and virtually anything running Google Chrome.
The price of these keys is $25 and you can buy Titan keys from Google here:
Google Pixel Option:
If you have a Google Pixel phone there is another option – The Titan key is actually built into the hardware. So if you own a Google Pixel 4, Pixel 3 or a Pixel 3a phone, you will have the tamper-resistant Titan M security chip. Now all you need to do is enable it.
How to enable the Titan Key from your Google phone?
If you are a Google Pixel phone owner, just follow these steps:
- Your Google Pixel phone should be running Android 10.
- Open a new Chrome browser on your Windows 10 computer or macOS.
- Sign in to your Google Account on your Android phone and switch Bluetooth on.
- On your computer log into your Google account here myaccount.google.com/security
- Go to the “2 step authentication” section
- Click on the Add a security key
- You should see your Google phone listed in a list of devices.
- Select your phone.
- Now follow the prompts on your phone to confirm the process (I held down the volume button as per the indication on my phone)
- That’s it – you now have Titan Key Security on your Google Account.
And of course, please ensure you have a strong Google password!
Hope this helps and hope our friends get their channels back…
Read this next: