Protecting your Google account from phishing just got a whole lot easier with the announcement that any Android smartphone running Android 7 or higher can now be used as a physical security key for two-factor authentication (2FA).
The tech giant already provides a number of 2FA methods including Google Prompt but physical security keys have been proven by its own teams to be the most effective method of combating phishing.
- Google boosts 2FA security protection for G Suite
- Yubico launches Security Key NFC and previews Yubikey for Lightning
- Android is now even more secure
Now with the announcement that you can use your Android smartphone as a security key, users will be able to securely access their Google accounts on Windows, Mac or Chrome OS using the device they already have on their person at all times.
Using your Android smartphone as a security key
To get started using your Android device as a security key, first you'll need to connect your smartphone to your computer using Bluetooth. Next you need to sign into your Google Account on the device and open your Google security settings (opens in new tab) on your computer. From there you need to select the option to add a security key and choose your smartphone from the list of devices.
Pixel 3 (opens in new tab) owners will be able to use the volume down button to activate their security key since Google has stored FIDO credentials inside the device's Titan M chip. On the other Android smartphones, you'll simply have to sign in and tap a button to activate your security key.
Currently the service is only available on Android devices and at this time it can only be used to login to Google services such as Gmail, G Suite and Google Cloud.
However, since the service uses the same protocols that a physical security key does, other companies could soon add support for it to their own services extending its functionality beyond Google.
Via The Verge (opens in new tab)
- Also check out the best Android VPN