By now you should know that two-factor authentication is a vital and necessary component of good security hygiene. That said, the most common ways of getting 2FA codes usually involve text messages or authentication apps, which are not always hacker-proof. But today, at its Cloud Next conference, Google announced that you can now use an Android 7+ phone as a legitimate physical security key.
All you have to do is connect your phone via Bluetooth to a Chrome browser and confirm your logins. It works the same way as Google's Titan Security Key and uses the same WebAuthn and FIDO APIs. According to 9to5Google, Pixel 3 users will be able to hold the volume-down button during the authentication process. Meanwhile, other Android devices will use an on-screen button.
The advantage of a physical security key, such as the Titan or, now, an Android phone, is that it is less vulnerable to spoofing, a practice where bad actors impersonate a legitimate account to gain access to your data. Because your phone has to be in close physical proximity, it is much harder for hackers to phish your second-factor information.
It's easy to set up your Android phone as a security key. First, make sure your phone is running Android 7 or later. Also make sure your computer has Bluetooth (which should not be a problem for most laptops), the latest version of the Chrome browser, and the latest version of its operating system. Then sign in to your Google Account on your phone and make sure Bluetooth is turned on. Finally, visit myaccount.google.com/security on your computer to enable 2-step verification (Google's term for 2FA), scroll down to "Add security key", select "Your Android phone", and choose your phone from the list of available devices.
At present, the feature is limited to Google Accounts and other Google services such as Google Cloud. Gizmodo reached out to Google to ask when it could expand to third-party sites, but we did not immediately receive a reply.
Who should do this? Google recommends it to "journalists, activists, business leaders, and political campaign teams most vulnerable to targeted online attacks." But anyone with a compatible Android phone who uses Google services should jump on this feature. It can be your gateway into the wider world of physical keys that protect you across a wide range of services.