Google now lets Android phones serve as a physical security key for logging in

The advantage of a physical security key is that they’re less vulnerable to spoofing.


Most of us are familiar with what Google's two-step authentication feature is all about, only that we don't really use it. That's mostly because of how inconvenient it is to wait for an OTP every time you need to log into a Google app.

Google is just made the switch to two-factor authentication (which is far more secure) much simpler.

The tech giant has just announced that one can now use an Android smartphone as a physical security key, offering you a more convenient way to log into Google apps with the security of two-factor authentication.

Google now lets Android phones serve as a physical security key for logging in

Your Android phone is your new yubikey. Image: Google

Using the feature for 2FA is fairly simple. All you'll have to do is connect your phone over Bluetooth to a Chrome browser and verify your logins. The only prerequisite here is that your phone has to run on Android Nougat 7.0 at the least.

Announcing the feature at its Cloud Next conference, Google mentioned that the feature includes the same WebAuthn and FIDO APIs, used in company's Titan Security Key.

Using 2FA, essentially means a hacker can’t use phishing to trick you into handing over your online credentials. Similarly, FIDO security keys — like the Titan Security Key — prevent your account from being phished by requiring you to plug in and tap your physical device. Google wants to bring those benefits to more people by having Android phones act as security keys.

Here how you can start using your Android phone as a physical security key:

  • Step 1 - Open Google Chrome on your Windows, ChromeOS or macOS device.
  • Step 2 - sign in to your Google Account on an Android phone and turn on Bluetooth.
  • Step 3 - Open myaccount.google.com/security in Chrome on your device and tap “two-step verification.”
  • Step 4 - Select the option to add a security key, and choose your phone from the list of devices.

As per a report by 9to5Google, Pixel 3 users will be able to hold the volume down button during the authentication process. Meanwhile, other Android devices will use an on-screen button.

As of now, the service is only available on Android phones, and it works only for logins to Google services, not to third-party sites. Other browsers besides Chrome could gain support in the future, but we'll have to wait for that to happen.

The Great Diwali Discount!
Unlock 75% more savings this festive season. Get Moneycontrol Pro for a year for Rs 289 only.
Coupon code: DIWALI. Offer valid till 10th November, 2019 .