Windows 10 patch blocks Google Titan keys over Bluetooth flaw

Microsoft’s June 2019 Patch Tuesday update for Windows brings the end to pairing between Google’s recently launched Titan Security keys and Windows devices. 

Apple cut off iPhone and iPad connections to Google’s Titan security key in the May release of iOS 12.3 as Google kicked off a return program due to a flaw that could allow a nearby attacker to sign into a Titan key-protected account, even though the key still securely served its main purpose of protecting users against distant remote phishing attacks. 

The product recall suggests Google could not economically fix the flaw in the security keys with a remotely delivered patch.    

Google launched the Titan keys as part of a two-factor authentication solution in the summer of 2018 with the intent to help protect Google Account users against phishing attacks. For $50, businesses and consumers could buy a bundle that included one model that could be used to authenticate after being physically connected and via NFC, and another that connected over Bluetooth. 

Security key maker Yubico — a supplier for Google employees’ own computers — opposed Bluetooth due to security and usability concerns.