Connect with us
McAfeemcafee banner ad


Google just gave most Android phones the ability to act as a security key

You just need one running Android 7.0 or newer.

Image: Techspot

Listen, by now you probably know all about why you should be using two-factor authentication to help keep your online accounts safe. If your bank/social media/forum/gaming account has two-factor as an option (yes, even if it’s SMS-based), you should be using it.

That goes the same for your Google and Gmail account, which has offered a variety of two-factor authentication methods for a while now. Now, that list just got longer with the ability to use your Android phone as a hardware-based authentication method.

Owners of Pixel devices have been able to use their phone as a hardware-based verification method for ages now, with an on-screen prompt every time Google detects a sign-in attempt to your account. Now, any Android phone running 7.0 (Nougat) or higher will also get this feature, making it more difficult for thieves to get into your online accounts.

That means that a would-be thief would actually need your phone in-hand to get into your accounts. Prior to this, all of the other two-factor authentication methods have been vulnerable to man-in-the-middle attacks, where criminals get the authentication codes sent to them instead. Hardware keys prevent this, although you still need access to the hardware yourself.

How to enable two-factor on your Android phone

  • Go to the security page for your Google account from your Android phone
  • Then click on Two-step verification, which is under the Signing into Google section
  • Tap Get Started and enter your Google password again
  • You’ll then get a page that either will ask you Use your phone as your second sign-in step or you might need to tap on Choose another option at the bottom of the page, and change the drop-down to Use security key
  • That’ll give you a list of compatible devices that you’ve signed in to your Google account on. Select the phone you want to use from the list, and tap on Add. You’ll need to make sure that Bluetooth and Location are both enabled on the phone.

To use the phone you just set up as a security key on your computer

This couldn’t be simpler, just make sure that your computer has a Bluetooth adapter.

  • Enable Bluetooth on your computer (you don’t need to pair your phone)
  • Sign into your Google account on any browser
  • Check your Android phone for a sign-in notification
  • Follow the instructions to verify that it’s you trying to sign in

This is a great addition to security on Google accounts. While FIDO-based security keys have been around for ages, having to remember an additional piece of hardware is onerous. Nobody goes anywhere without their phone so it’s a perfect tool to add security.

It’s a shame that Windows Mobile crashed and burned, or maybe we’d have the chance to get two-factor authentication security alerts brought to us by Clippy…

Plan on using the Android two-factor authentication method? Let us know down below in the comments or carry the discussion over to our Twitter or Facebook.

Editors’ Recommendations:

Follow us on Flipboard, Google News, or Apple News

Maker, meme-r, and unabashed geek with nearly half a decade of blogging experience at KnowTechie, SlashGear and XDA Developers. If it runs on electricity (or even if it doesn't), Joe probably has one around his office somewhere, with particular focus in gadgetry and handheld gaming. Shoot him an email at joe@knowtechie.com.

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

More in Android