If you own one of Google’s Titan Security Keys, there’s a chance that you need to get it replaced. Specifically, the Bluetooth dongle from the original Titan Security Key has a known vulnerability that Google has been made aware of, and Google is offering to replace yours for free if it is affected.
The “bug,” as Google refers to it, is a misconfiguration that leaves open the possibility for an attacker to align a series of events in order to gain control of your Bluetooth key and then access your account. The chances of everything aligning might be slim, but there is still a chance. For more details on how exactly that’ll work, hit up the source link at the bottom of this post.
How do you know if you need a replacement? See the image above? If your Bluetooth Titan Security Key has a “T1” or a “T2” on the bottom of it, you need a replacement. To get a replacement, you should head to google.com/replacemykey. Just make sure you are signed in with the Google account used when you purchased the Titan Security Key, and that link will recognize that you are eligible for a replacement. Follow the instructions there to get your free one.
What should you do if you have a bad key? Google recommends using your bad key to sign in one last time from a secure space where no one is within 30 feet, and then immediately unpairing it. If you don’t do that and own a phone that’ll pick up the June security patch next month, your phone will automatically unpair it.
What about the USB and NFC keys in the Titan Security Key package? You can keep using those. This “bug” does not affect them.