Android 7.0+ phones can now be used as 2SV security keys for Google accounts
With every passing day, we spend more of our time building our online identity. These online identities have become closely tied to our physical lives, making them very lucrative targets for people with impure motives. So it comes as no surprise that phishing attacks are one of the most common causes of security breaches, as attackers trick users and steal these online identities to cause major damage. Two-step verification, a.k.a. 2SV, makes it difficult to steal online identities, and physical 2SV security keys, like the Titan Security Key from Google, are considered to be the strongest and most phishing-resistant method of 2SV, as they ensure your physical presence when accessing these online identities.
Now, Google has announced that all Android devices running Android 7.0 Nougat and above can be used as a 2SV physical security key. What makes this announcement important is that it requires your phone and your computer to be physically close to each other, a detail that The Verge reports but Google’s own announcement post does not mention. This proximity requirement, together with the use of both the FIDO and WebAuthn authentication protocols to double-check the authenticity of the website, makes it all the more difficult to orchestrate a phishing attempt. The new authentication scheme works on Gmail, G Suite, Google Cloud, and other Google account services. Google is still in the process of certifying its authentication service, so other websites may also join in at a later stage.
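The website-authenticity check mentioned above can be sketched from the relying party's side. This is an added example, not code from Google or from the original article; it covers only the origin, challenge, rpIdHash and user-presence checks that WebAuthn defines for a sign-in assertion (signature verification is omitted), and the relying-party ID, origins and sample data are constructed assumptions.

```python
import base64, hashlib, hmac, json

RP_ID = "accounts.example.com"                      # assumed relying-party ID
ALLOWED_ORIGINS = {"https://accounts.example.com"}  # assumed allowed origin

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def check_assertion(client_data_json: bytes, auth_data: bytes, issued_challenge: bytes) -> list:
    """Return the reasons to reject; an empty list means these checks passed."""
    problems = []
    client = json.loads(client_data_json)
    if client.get("type") != "webauthn.get":
        problems.append("wrong type")
    # The challenge must be the one this server issued for this sign-in.
    if not hmac.compare_digest(b64url_decode(client.get("challenge", "")), issued_challenge):
        problems.append("challenge mismatch")
    # The browser records the origin it was actually talking to.
    if client.get("origin") not in ALLOWED_ORIGINS:
        problems.append("origin not allowed")
    # authenticatorData layout: 32-byte rpIdHash | 1-byte flags | 4-byte signCount
    if len(auth_data) < 37:
        return problems + ["authenticator data too short"]
    # The key signs over SHA-256 of the RP ID it was asked to authenticate to.
    if not hmac.compare_digest(auth_data[:32], hashlib.sha256(RP_ID.encode()).digest()):
        problems.append("rpIdHash mismatch")
    if not auth_data[32] & 0x01:  # bit 0 = user present
        problems.append("user presence flag not set")
    return problems

def sample(origin: str, rp_id: str, challenge: bytes, flags: int = 0x01):
    """Build constructed client data and authenticator data for the demo."""
    client = json.dumps({"type": "webauthn.get", "challenge": b64url(challenge),
                         "origin": origin}).encode()
    auth = hashlib.sha256(rp_id.encode()).digest() + bytes([flags]) + (7).to_bytes(4, "big")
    return client, auth

CHALLENGE = bytes(range(32))  # constructed; a real server issues a fresh random value

if __name__ == "__main__":
    # Sign-in performed on the genuine site: no problems reported.
    print(check_assertion(*sample("https://accounts.example.com", RP_ID, CHALLENGE), CHALLENGE))
    # Same flow relayed through a lookalike site (reserved .test name): rejected.
    print(check_assertion(*sample("https://accounts.example.com.login.test", "login.test", CHALLENGE), CHALLENGE))
```

Because the browser and the security key fill in the origin and the RP ID hash themselves, a response produced on a lookalike page fails both checks even if the user was fooled.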
To activate the built-in security key on your Android 7.0+ device, you need a Bluetooth-enabled Chrome OS, macOS X, or Windows 10 computer with the Chrome browser. Assuming you have added your Google account to your phone, you have to enrol in 2SV. Then, visit the 2SV settings from your computer, click “Add Security Key,” and choose your Android device from the list of available devices. Needless to say, you will need Bluetooth enabled on both the phone and the computer whenever you sign in again. Google also recommends adding a backup security key to ensure that you still have access to your account even if you lose your device.