apache titan_Google会通过其Titan安全**通知用户有关漏洞的信息
apache titan
Titan Security Keys are marketed as phishing-resistant two-factor authentication (2FA) devices that help protect high-value users such as IT admins. They have been around for quite some time and have been largely promoted as the most secure second-factor device ever, both by Google itself and media.
Titan安全**作为防网络钓鱼的双重身份验证(2FA)设备销售,可帮助保护IT管理员等高价值用户。 它们已经存在了很长一段时间,并且已被Google本身和媒体广泛推广为有史以来最安全的第二因素设备。
However, a particular model of Titan ( BLE) turns out to be not very secure, as today, Google has sent out a message to G Suite administrators with users supposedly using the affected devices, recommending to replace the devices.
但是,事实证明,特定型号的Titan(BLE)不太安全,因为今天,Google已向G Suite管理员发送了一条消息,提示用户使用的是受影响的设备,建议更换这些设备。
While the details of the vulnerability are not disclosed and it is even not clear whether this is severe security at all, this incident shows again that there can never be a 100% secure method, and as usual, security-savvy users should be keeping abreast of the latest reports. So, if you happen to use any Google Titan Keys or Feitian MultiPass BLE U2F keys (both appear to be the same product), it is recommended to replace it with something more reliable (a TOTP token, for example).
尽管没有披露该漏洞的详细信息,甚至还不清楚这是否是严格的安全性,但此事件再次表明,永远不可能有100%安全的方法,并且像往常一样,精通安全性的用户应该保持同步最新报告。 因此,如果您碰巧使用了任何Google Titan**或Feitian MultiPass BLE U2F**(两者似乎都是同一产品),建议用更可靠的东西(例如TOTP令牌 ) 代替 。
UPDATE: Regular users (non G-Suite) were also informed
更新:常规用户(非G-Suite)也被告知
UPDATE2: This appears to be a security issue indeed
UPDATE2:这确实确实是一个安全问题
UPDATE3: Feitian launches a replacement program
UPDATE3:Feitian启动替换程序
apache titan