Your Android phone can now double as a security key

Google has announced that any smartphone running Android 7.0 (Nougat) or later can now be used as a hardware security key for two-factor authentication (2FA). Available in beta at the moment, the new feature is intended to provide an additional authentication factor and keep Google account users safe from phishing scams and other attacks that attempt to steal people’s login credentials. It can be used to protect your personal Google accounts, as well as Google Cloud Accounts at work.

There are a few basic requirements for using your smartphone as a FIDO2-based security key beyond running Android 7.0 or newer. For one thing, your phone will need to have both Bluetooth and location services enabled. Additionally, you will need to have a Bluetooth-enabled Chrome OS, macOS X or Windows 10 computer and use Google Chrome.

To turn on the new feature, you will need to add your Google account to your phone, ensure you’re enrolled in two-step verification/2SV (Google’s term for 2FA), click the ‘Add security key’ option in your 2SV settings and pick the relevant smartphone. Google also provides a detailed how-to guide for the setup process.

Two-factor authentication is a highly valuable way to add an extra layer of security to online accounts on top of your password – and with minimal fuss at that. The bottom line is that even if cybercriminals steal your password, they will still not be able to access your account unless they also possess the second factor.

There are several 2FA methods, but hardware-based solutions are generally seen as more secure than the others, especially compared to the most common one, which relies on text messages. (Make no mistake, however: even SMS-based 2FA is still far better than nothing.)