Your Android phone can now double as a security key

An extra layer of security never hurt anybody, and now you can turn your phone into a physical security key.

Google has announced that any smartphone running Android 7.0 (Nougat) or later can now be used as a hardware security key for two-factor authentication (2FA).

Available in beta at the moment, the new feature is intended to provide an additional authentication factor and keep Google account users safe from phishing scams and other attacks that attempt to steal people’s login credentials. It can be used to protect your personal Google accounts, as well as Google Cloud Accounts at work.

There are a few basic requirements for using your smartphone as a FIDO2-based security key beyond running Android 7.0 or newer. For one thing, your phone will need to have both Bluetooth and location services enabled. Additionally, you will need to have a Bluetooth-enabled Chrome OS, macOS X or Windows 10 computer and use Google Chrome.

To turn on the new feature, you will need to add your Google account to your phone, ensure you’re enrolled in two-step verification/2SV (Google’s term for 2FA), click the ‘Add security key’ option in your 2SV settings and pick the relevant smartphone. Google also provides a detailed how-to guide for the setup process.

The extra factor

Two-factor authentication is a highly valuable way to add an extra layer of security to online accounts on top of your password – and with minimal fuss at that. The bottom line is that even if a cybercriminal steals your password they will still not be able to access your account unless they also possess the second factor.

There are several 2FA methods, but hardware-based solutions are generally seen as superior in terms of security to other methods, especially compared to the most common one that relies on text messages. (Make no mistake, however, even SMS-based 2FA is still far better than nothing.

Google launched its own hardware security key last year and revealed that security tokens had essentially done away with the problem of phishing attacks against its employees. Having said that, chances are you may not want to spend anywhere between US$20-60 on a security key, be it Google’s own or one made by firms such as Yubico and Feitian Technology. Which is where your Android smartphone may come into play.

written by Tomas Foltyn, ESET We Live Security

One thought on “Your Android phone can now double as a security key

  1. There is no way really to keep devices safe. I was hacked in a vicious way. I do nothing online. I don’t bank. Never use cookies.Java. never use social media and always use incognito. Never give my email or number. Real name. After police assistance n 18 months of hell. N spending 2000….I got vpb n express at cost. N now only use safe encrypted specialised email in alias. These new ones are not taking any of your details nor trading. For calls I use an old phone with no apps. Nothing. Jisy hello n goodbye but protected with a number I type in before each call n I use alias nickname for friends who were also affected through my problem. Internet is going to become victim of its own success n will have to go bk to basics. Without a doubt. If hackers can’t hack..,etc

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s