Google just gave most Android phones the ability to act as a security key
You just need one running Android 7.0 or newer.
Listen, by now you probably know all about why you should be using two-factor authentication to help keep your online accounts safe. If your bank/social media/forum/gaming account has two-factor as an option (yes, even if it’s SMS-based), you should be using it.
That goes the same for your Google and Gmail account, which has offered a variety of two-factor authentication methods for a while now. Now, that list just got longer with the ability to use your Android phone as a hardware-based authentication method.
Owners of Pixel devices have been able to use their phone as a hardware-based verification method for ages now, with an on-screen prompt every time Google detects a sign-in attempt to your account. Now, any Android phone running 7.0 (Nougat) or higher will also get this feature, making it more difficult for thieves to get into your online accounts.
That means that a would-be thief would actually need your phone in-hand to get into your accounts. Prior to this, all of the other two-factor authentication methods have been vulnerable to man-in-the-middle attacks, where criminals get the authentication codes sent to them instead. Hardware keys prevent this, although you still need access to the hardware yourself.
How to enable two-factor on your Android phone
- Go to the security page for your Google account from your Android phone
- Then click on Two-step verification, which is under the Signing into Google section
- Tap Get Started and enter your Google password again
- You’ll then get a page that either will ask you Use your phone as your second sign-in step or you might need to tap on Choose another option at the bottom of the page, and change the drop-down to Use security key
- That’ll give you a list of compatible devices that you’ve signed in to your Google account on. Select the phone you want to use from the list, and tap on Add. You’ll need to make sure that Bluetooth and Location are both enabled on the phone.
To use the phone you just set up as a security key on your computer
This couldn’t be simpler, just make sure that your computer has a Bluetooth adapter.
- Enable Bluetooth on your computer (you don’t need to pair your phone)
- Sign into your Google account on any browser
- Check your Android phone for a sign-in notification
- Follow the instructions to verify that it’s you trying to sign in
This is a great addition to security on Google accounts. While FIDO-based security keys have been around for ages, having to remember an additional piece of hardware is onerous. Nobody goes anywhere without their phone so it’s a perfect tool to add security.
It’s a shame that Windows Mobile crashed and burned, or maybe we’d have the chance to get two-factor authentication security alerts brought to us by Clippy…
- Facebook was awarded a patent that lets it peep in on your personal life through photos
- 5 best free password managers in 2019
- Jumbo is a new privacy assistant for your social accounts
- Mozilla’s Firefox will protect you against crypto-jacking scripts in future releases
- Tesla Sentry Mode has already scored its first arrest