Google has announced at its Cloud Next conference that it’s allowing all Android phones to act as physical security keys when you want to log into your Google account. If your phone is running Android 7.0 or later, it can be used as a key to give you access to your account if two-step verification is turned on.
You may be confused by why I’m referring to your phone as a physical security key. After all, you can already use prompts and SMS codes on your phone to verify your identify and log into your Google account. Serving as a physical security key is an alternative to these methods as it requires your phone to be in near proximity to your PC. The feature uses Bluetooth to find your phone and Google’s FIDO security technology to log you in.
It’s a much more secure way of logging into your Google account. Even if you have two-factor authentication enabled, if a hacker has access to your text messages or remotely connects to your phone, it can dismiss the necessary prompt or find the required SMS code to log in with. But with today’s new feature, your phone has to be in close proximity with the computer you’re trying to log in with, putting remote hackers’ ambitions to a screeching halt.
This is also an alternative to Google’s physical security dongles that cost $20. They plug into your computer and verify your identity to log you in. They’ll still be sold, but if you don’t want to shell out any extra money, your phone can now fully replace that method.
To use the feature, make sure your phone’s Bluetooth is turned on. Then, visit myaccount.google.com/security and select “2-Step Verification.” Afterward, choose “Add security key” and then select your device from the list. Once finished, when you try to log into your Google account, you’ll be prompted on your phone so long as it’s in close range.
Notably, the process will vary depending on which type of device you have. If you have just a simple Android phone, you’ll be asked to unlock your phone and press a button. However, if you own a Pixel phone, all you’ll have to do is press one of the volume keys. This is because Google is able to utilize its own Titan M chip to securely store your data. Therefore, it can simply look for a volume button press and make sure it’s authentic.
Google says the feature is rolling out starting today as a beta. Right now, it only works as a way to log into other Google-branded websites, not third-parties that ask for your Google account credentials.