Summary

  • Google’s Titan Security Key stores up to 250 passkeys but lacks data management, causing potential long-term problems for users.
  • It appears that passkeys cannot be deleted individually, requiring a complete factory reset if you want to add more than the initial 250 passkeys.
  • Existing and potential Titan key users may be dissuaded by the lack of data management and potential security risks of being capped at 250 passkeys.



If you consider yourself to be more serious about security than the average person, you may already own a product like the Titan Security Key from Google. This device is a physical key that acts as a security token, comprised of Google’s Titan M cryptoprocessor. With enough storage to house up to 250 passkeys, the Titan Security Key has become a popular option in the security key segment. However, one flaw has been discovered that could bring the product’s long-term success to a halt.


Related

Google’s new Titan Security Key is its latest step towards a passwordless future

Who needs passwords when you can have a key the size of your patience for remembering them?

As explained by Heise Online, the Titan Security Key can store up to 250 passkeys, but there does not seem to be an administrator option for data management. This means that once you upload a passkey to the device, there are no options to delete it after the fact — it’s on the Titan key permanently unless you’re willing to wipe all of your data off of it.


The risks of sticking with your Titan Security Key

While it will likely take you a while to fill up all 250 storage slots, the fact that you need to factory reset the Titan key to eliminate any of the data is a big problem. The source has attempted to confirm the issue with Google, but there has been no response as of writing. Feitan, which provides the hardware for the key, has stated that Google fuses its firmware onto the device — this suggests that there is no way to update it.


If all of this information is true, the flaw could be a big turn-off for existing Titan key users, as well as those who are interested in purchasing the security key. Although the Titan key has been around for a few years, Google has still been working hard to promote the device as a means of propelling the concept of a passwordless future. The company recently released updated versions of the Titan key featuring USB-A and USB-C connections. However, this newly discovered issue could put a dent in sales, as well as Google’s ongoing efforts to promote multifactor security.