Comprehensive Review of the Google Titan Security Key v2

Dr. Emin Huseynov
Dec 25, 2023


Google Store — Order page

1. Price and Delivery

I purchased the Google Titan Security Key v2 for 35 CHF, and I was impressed with its prompt delivery to Switzerland. Despite its shipment from the Netherlands, it arrived within a few days, demonstrating efficient shipping and a reasonable price point.

Order tracking history (Eindhoven to Geneva)

2. FIDO Version and Sign-in Management

Upon using the security key management tool in Google Chrome, I noticed that while it allowed me to set and reset the PIN, it did not display the resident keys (passkeys) of the Titan v2.

Titan v2: Sign-in data management window in Chrome

This was in contrast to a FIDO2.1 key, which provided this information in the same window.

Token2 PIN+ FIDO2.1 Security Key: Sign-in data can be managed individually

Similar results were observed with the fido2-manage.exe tool. While the -storage parameter shows the number of resident keys stored on a FIDO2.1 key, it throws a FIDO_ERR_INVALID_CBOR error when used with the Titan v2 key.

fido2-manage.exe results

The Titan v2 is FIDO 2.0 compliant, enabling it to store resident keys. However, it lacks a built-in method for managing these keys. Therefore, once a passkey is created, it cannot be removed. Despite this limitation, the key supports up to 250 passkeys, providing ample space for various authentication needs.
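Listing and deleting individual passkeys is a CTAP 2.1 command, and a key advertises it through the credMgmt option (credentialMgmtPreview on pre-release 2.1 firmware) in its authenticatorGetInfo reply, so a management tool can check for it before offering per-passkey management. The following is an added example, not code from the original post or from any tool it mentions; the reply bytes are constructed samples and the function names are hypothetical.

```python
def cbor_decode(buf, pos=0):
    """Decode one CBOR item (the subset CTAP2 uses); return (value, next_pos)."""
    major, info, pos = buf[pos] >> 5, buf[pos] & 0x1F, pos + 1
    if major == 7 and info in (20, 21):  # simple values false / true
        return info == 21, pos
    if info < 24:
        arg = info
    elif info <= 27:  # argument follows in 1, 2, 4 or 8 bytes
        size = 1 << (info - 24)
        arg, pos = int.from_bytes(buf[pos:pos + size], "big"), pos + size
    else:
        raise ValueError("reserved or indefinite length")
    if major in (0, 1):  # unsigned / negative integer
        return (arg if major == 0 else -1 - arg), pos
    if major in (2, 3):  # byte string / text string
        raw = bytes(buf[pos:pos + arg])
        if len(raw) != arg:
            raise ValueError("truncated string")
        return (raw if major == 2 else raw.decode("utf-8")), pos + arg
    if major == 4:  # array
        items = []
        for _ in range(arg):
            item, pos = cbor_decode(buf, pos)
            items.append(item)
        return items, pos
    if major == 5:  # map
        result = {}
        for _ in range(arg):
            key, pos = cbor_decode(buf, pos)
            result[key], pos = cbor_decode(buf, pos)
        return result, pos
    raise ValueError("unsupported CBOR item")  # tags, null, floats

def credential_management_support(response):
    """Return (versions, mode) from a raw authenticatorGetInfo reply."""
    if response[0] != 0x00:  # first byte is the CTAP2 status code
        raise ValueError(f"CTAP2 status 0x{response[0]:02x}")
    info, _ = cbor_decode(response, 1)
    options = info.get(0x04, {})  # 0x01 = versions, 0x04 = options
    mode = ("ctap2.1" if options.get("credMgmt") else
            "preview" if options.get("credentialMgmtPreview") else "none")
    return info.get(0x01, []), mode
def cbor_text(s):  # encode a text string shorter than 24 bytes
    return bytes([0x60 + len(s)]) + s.encode()
# Constructed sample replies, not captured from a Titan v2 or any other key
FIDO20_ONLY = (b"\x00\xa2\x01\x82" + cbor_text("U2F_V2") + cbor_text("FIDO_2_0") +
               b"\x04\xa2" + cbor_text("rk") + b"\xf5" + cbor_text("clientPin") + b"\xf5")
FIDO21 = (b"\x00\xa2\x01\x82" + cbor_text("FIDO_2_0") + cbor_text("FIDO_2_1") +
          b"\x04\xa2" + cbor_text("rk") + b"\xf5" + cbor_text("credMgmt") + b"\xf5")
```

A mode of "none" together with rk set to true matches the situation described above: the key stores resident keys but exposes no command to enumerate or delete them one by one.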

3. Microsoft Compatibility (fixed)

Although the Titan v2 is FIDO certified and listed in the Metadata service, it has limitations in terms of compatibility with Microsoft services like MS Entra Passwordless. Microsoft utilizes its proprietary FIDO2 key verification process, which does not include the Titan v2 in its approved key list. Consequently, users may encounter difficulties using the Titan v2 with Microsoft services due to this lack of compatibility.

Metadata for Titan v2 (from MDS service)

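As a workaround, tenant administrators can choose to disable “Enforce Attestation,” which bypasses the requirement for the key to be present in Microsoft’s approved FIDO2 keys list. With attestation enforcement off, the tenant no longer verifies the make and model of any key being registered. This workaround is no longer needed (fixed; see the update note at the bottom).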

---

In conclusion, the Google Titan Security Key v2 offers prompt delivery, strong security features, and a reasonable price point. However, users should be aware of its limitations in key management and compatibility with certain services, particularly Microsoft’s authentication ecosystem and services that allow only the FIDO 2.1 protocol.

Update 10/03/2024 — If you require a FIDO2.1 key with extensive passkey storage, consider exploring Token2 PIN+ Release2 keys. They enable the storage of up to 300 passkeys, making them the current leader in terms of storage capacity on the market.

Update 19/04/2024 — Google has fixed the issue with attestation; it was apparently due to a “typo” in the FIDO MDS database.


Dr. Emin Huseynov

IT researcher focusing on multifactor authentication technologies. Academic affiliations: University of Geneva & Azerbaijan Technical University