It’s always a good idea to have two-step authentication enabled on your accounts to thwart phishing attempts. The most commonly used forms of authentication include push notifications and text-message codes. However, hackers can work around those methods with fake sign-in pages that steal credentials. Google therefore considers security keys based on FIDO standards to be the strongest protection against such attempts, and it now allows your Android phone to double as one.
Google considers security keys to be the strongest, most phishing-resistant method of two-factor authentication on the market. The physical keys protect users’ accounts from phishers by requiring users to tap their key during a sign-in attempt that’s flagged as unrecognized or suspicious.
Starting today, in beta, it’s possible to use an Android smartphone as a security key. This functionality is built into devices that are running Android 7.0 and up. This makes it more convenient to use this powerful protection without having to carry additional security keys. It can be used to protect a personal Google Account as well as Google Cloud Accounts at work.
To activate the phone’s security key, users need a smartphone running Android 7.0 or higher and a Bluetooth-enabled computer running Chrome OS, macOS or Windows 10. Users first have to add their Google Account to their phone, ensure that they have two-factor authentication enabled, and then open the two-factor authentication settings and click on “Add security key.”
They can then choose their Android device from the list of available devices, and that’s just about it. When signing in, users have to ensure that Bluetooth is enabled on both the phone and the device they’re signing in on.