Google Will Now Let You Use Your Android Phone as a Physical Security Key


By now you should know that two-factor authentication is a vital and necessary component of good security hygiene. That said, the most common ways of getting 2FA codes usually involve text messages or authenticator apps, which aren’t always hacker-proof. But today, Google announced at its Cloud Next conference that you can now use any Android 7+ phone as a legit physical security key.

Basically, all you have to do is connect your phone over Bluetooth to a Chrome browser and verify your logins. It works similarly to Google’s Titan Security Key, and includes the same WebAuthn and FIDO APIs. According to 9 to 5 Google, Pixel 3 users will be able to hold the volume down button during the authentication process. Meanwhile, other Android devices will use an on-screen button.

The advantage of a physical security key—like the Titan or now, Android phones—is that they’re less vulnerable to spoofing, a practice where bad actors impersonate your account to gain access to your data. Because your phone would have to be in close, physical proximity, it makes it much harder for hackers to phish your second-factor information

Setting up your Android phone as a security key is simple. First, you have to make sure your phone is running Android 7 or newer. You’ll also have to make sure your computer has Bluetooth (which shouldn’t be an issue for most laptops), has the latest version of the Chrome browser, and the most up-to-date version of whatever operating system you have installed on it. Then, you can sign onto your Google Account on your phone and make sure Bluetooth is turned on. After that, you can visit on your computer to turn on 2-Step Verification (Google’s term for 2FA), scroll down to “Add Security Key”, select “Your Android Phone”, and pick your phone from the list of available devices.

Read more…