- Android phones running Nougat or higher can now be used as physical 2SV security keys.
- Google has unlocked the functionality and urges people who are likely to get targeted by phishing actors to use it.
- Everyone should take the extra step, as it’s easy to set up and use, maximizing the security of your account.
Google has announced that you may start using your Android phone as a physical two-step verification key, securing you from phishing actors and attempts against your Google Accounts. Similar to how the Google Titan 2FA security keys work, an Android phone could be used for verification when the user is logging into Google apps using a Chrome browser or the Chrome OS. The only prerequisites are to use a computer that has Bluetooth connectivity, and that your phone is running Android 7.0 Nougat or higher. The whole process is based on the FIDO certification, something that Google has been actively working to bring to Android lately.
Google says the security key is built-in in your Android device, and all that you have to do is set it up for use with your account. To do this, you add your Google Account on the phone that is to be used as the 2SV security key and then enroll in 2SV from within your account’s settings. Next, on the computer, you visit the 2SV settings on your Google Account again and click on the “Add security key” option. The Android phone that you have used to login to your account in the first step should now be offered as an option, so you choose it from the list and you’re good to go!
From then on, all that you’ll have to ensure is that your phone is within the Bluetooth range of your computer for the authentication to take place. If it is, you’ll get a message on your phone, asking you to confirm the login action by holding the volume button down, and that’s it.
Two-step verification procedures that are based on physical keys are much more robust and reliable compared to SMS verification, which is susceptible to SIM swapping attacks. That said, we urge you to take advantage of this new 2SV way offered by Google, as it will help you further secure your account. However, it is important to point out that physical keys can be lost or stolen, so it’s important not to forget to set up a backup key as well. If you don’t do that, you will lose access to your account if your phone is lost or stolen. A spare Titan key should do the trick in that case.
Are you planning to activate 2SV on your Android device to protect your Google Accounts? Let us know in the comments below, and help us spread the word by sharing this post through our socials, on Facebook and Twitter.