Great news indeed! Google has come up with a new advanced two-factor authentication method that would help you secure your Google accounts using your Android phone as a physical security key.
This new advanced two-factor authentication method secures Google accounts when users log in using the Chrome browser. This service can be used on Android devices running version 7.0 and higher.
Of course, two-factor authentication makes all kinds of logins more secure. It helps protect users from attackers who try to trick them into revealing online credentials, and it helps prevent security breaches to a great extent. Still, there are instances when attackers successfully bypass even this highly effective security measure by adopting clever techniques. They could use fake sign-in pages to lure users into giving out their login credentials and other data. Google already had security keys that helped users protect themselves from phishing attacks to a great extent. Now, taking a step forward, Google brings the 2SV (two-step verification) method to another level by turning users’ personal Android phones into physical security keys.
A Google blog post, dated Apr 10, 2019, says, “We consider security keys based on FIDO standards, like our Titan Security Key, to be the strongest, most phishing-resistant method of 2SV on the market today. These physical security keys protect your account from phishers by requiring you to tap your key during suspicious or unrecognized sign-in attempts…Now, you have one more option—and it’s already in your pocket. Starting today in beta, your phone can be your security key—it’s built into devices running Android 7.0+. This makes it easier and more convenient for you to unlock this powerful protection, without having to carry around additional security keys. Use it to protect your personal Google Account, as well as your Google Cloud Accounts at work.”
Google recommends the service especially for people in their Advanced Protection Program, including activists, journalists, political campaign teams and business leaders, who have the highest risk of being targeted by online attacks.
The new 2SV method is easy to activate and use. The user needs to have an Android 7.0+ phone and a Bluetooth-enabled computer (Chrome OS, macOS X or Windows 10) with a Chrome browser. The user should first add his Google account to his Android phone, making sure he’s enrolled in 2SV. Then, on the computer, he should visit the 2SV settings, click “Add security key” and choose his Android phone from the list of available devices. That activates the service; during the sign-in process, the user just needs to confirm that Bluetooth is turned on on the phone and the device. Once this is done, the user can always verify his Google account sign-in from his Android phone.
Registering a backup security key too would be good. The Google blog post says, “We recommend registering a backup security key to your account and keeping it in a safe place, so you can get into your account if you lose your phone. You can get a security key from a number of vendors, including our own Titan Security Key.”