Two-factor authentication is a key way to help ensure your online accounts remain secure. Google has offered this solution for years now, but it’s stepping things up by letting you use your Android phone as a hardware security key of sorts.
Currently, users with two-factor authentication can receive web-based notifications, emails, or a call on their phone, allowing them to quickly refuse or grant account access. But cyber-criminals can (and have) skirted these alerts in order to steal account credentials.
One alternative is to buy a hardware security key fob that uses Bluetooth, NFC or USB connectivity to authenticate account access. And Google’s latest solution is a similar, hardware-based approach that’s actually based on the prominent FIDO2 standard.
The Mountain View company will let you use any Android 7.0 Nougat phone or better, as these devices all have the required security key tech. Google also requires a ChromeOS/Mac/Windows 10 computer with Bluetooth, and a compatible browser (i.e. Chrome).
To enable the functionality on your Google account, you’ll need to do the following:
- Go to myaccount.google.com/security on your Android phone to enable two-step verification if you haven’t done so already (Security > 2-Step Verification > Get Started).
- From the 2-Step Verification page, you’ll need to scroll down and select Add Security Key.
- You’ll then be presented with a list of compatible devices that belong to you. Select your desired phone from the list and tap add. Do note that you’ll need to enable Bluetooth and Location on your phone before using the feature.
To use the feature on your computer, Google says you simply need to follow the instructions below:
- Enable Bluetooth on your computer (you don’t need to actually connect to the phone)
- Sign into your Google account.
- Check your Android phone for a sign-in notification.
- Double-tap the “Are you trying to sign in?” alert (although we were presented with the option to immediately say “yes” instead).
- Follow the instructions to confirm that you’re trying to sign in.
Interestingly, a Google GIF shows Pixel 3 users holding down on the phone’s volume-down button to confirm access. Check it out below.
It’s a very handy addition overall, and should go a long way to ensuring that your Google account is as secure as can be. We also hope this security key technology spreads to other websites and services in the near future, as it could drastically reduce cases of account breaches.