Google lets you use your phone as a hardware security key for two-factor authentication.

Update, June 12, 2019 (5:55 PM ET): The “How To” article below gives you instructions on how to use an Android device as a 2FA tool on computers running Chrome OS, Windows 10, or macOS. However, now you can use an Android device to unlock, of all things, an iPhone.

It’s more likely that people will use this new functionality to unlock other iOS devices, such as iPads, but if you happen to carry around both an iPhone and an Android phone, you can use the latter to unlock the former.

The instructions below will also work for iOS devices but with one small change: you need to use the Google Smart Lock iOS app instead of using a computer to visit a web address. Other than that, the steps and functionality are similar.


Original article, April 11, 2019 (04:00 AM ET): Two-factor authentication is a key way to help ensure your online accounts remain secure. Google has offered this solution for years now, but it’s stepping things up by letting you use your Android phone as a hardware security key of sorts.

Currently, users with two-factor authentication can receive web-based notifications, emails, or a call on their phone, allowing them to quickly refuse or grant account access. But cyber-criminals can (and have) skirted these alerts in order to steal account credentials.

Read: Android security review 2018 —Huge boost in device security updates

One alternative is to buy a hardware security key fob that uses Bluetooth, NFC or USB connectivity to authenticate account access. And Google’s latest solution is a similar, hardware-based approach that’s actually based on the prominent FIDO2 standard.

The Mountain View company will let you use any Android 7.0 Nougat phone or better, as these devices all have the required security key tech. Google also requires a ChromeOS/Mac/Windows 10 computer with Bluetooth, and a compatible browser (i.e. Chrome).

To enable the functionality on your Google account, you’ll need to do the following:

  • Go to myaccount.google.com/security on your Android phone to enable two-step verification if you haven’t done so already (Security > 2-Step Verification > Get Started).
  • From the 2-Step Verification page, you’ll need to scroll down and select Add Security Key.
  • You’ll then be presented with a list of compatible devices that belong to you. Select your desired phone from the list and tap add. Do note that you’ll need to enable Bluetooth and Location on your phone before using the feature.

To use the feature on your computer, Google says you simply need to follow the instructions below:

  • Enable Bluetooth on your computer (you don’t need to actually connect to the phone)
  • Sign into your Google account.
  • Check your Android phone for a sign-in notification.
  • Double-tap the “Are you trying to sign in?” alert (although we were presented with the option to immediately say “yes” instead).
  • Follow the instructions to confirm that you’re trying to sign in.

Interestingly, a Google GIF shows Pixel 3 users holding down on the phone’s volume-down button to confirm access. Check it out below.

It’s a very handy addition overall, and should go a long way to ensuring that your Google account is as secure as can be. We also hope this security key technology spreads to other websites and services in the near future, as it could drastically reduce cases of account breaches.

NEXT: New Google laptops and tablets said to be coming with productivity in mind

Comments
Read comments