Last month, Google began testing a new way to use Android smartphones as two-factor authentication keys to allow users to protect their Google accounts from phishing.
Phishing is a more frequent phenomenon than malware and occurs when an attacker induces a user to reveal their account credentials. Google has found that 81% of user account passwords are weak.
Cloud-based 2FA has been available on Android for years, but the new method is hardware-based, and the feature is now available worldwide on all devices running Android 7.0 Nougat or later.
The new feature uses the same FIDO standard as YubiKeys and Google Titan Security Keys, and it would be interesting if Google found a way to allow sites other than its own to use this new security key format.
To activate two-factor authentication, users need a phone running Android Nougat, Oreo, Pie, or (soon) Q and a Bluetooth-enabled Chrome OS, macOS, or Windows 10 computer with the latest Chrome (72+) browser installed. The same Google Account has to be signed in on both devices.
- Sign in to your Google Account on your Android phone and turn on Bluetooth
- On your computer, navigate to myaccount.google.com/security
- Select 2-Step Verification
- Click “Add a security key”
- Choose your phone from the list of available devices