
Your Android phone is now a security key – and you should definitely use it

Google has announced that Android phones can now be used as a Bluetooth-based security key for two-factor authentication. The new functionality enables users to add an additional layer of security to a Google account via the Chrome browser.

Anyone with an Android phone running Nougat (and up) can jump aboard with the simple one-time enrolment, which uses the Fast Identity Online (FIDO) protocol. Once complete, users will be able to enter their password within the Chrome browser on the desktop and receive a prompt on their phone to complete the login by holding the volume down rocker.

The new feature, which applies to a personal Google account as well as G Suite, might save Android users from buying a dedicated security key dongle to gain access to their account.

It will also enable Google account holders to move from the current two-step verification method – which commonly combines a password plus a text code – to full two-factor authentication, which combines two of a password, security key and a biometric indicator like a fingerprint.

“The big difference here is that local proximity,” Google product manager Christiaan Brand explained in a blog post (via VentureBeat).

“The fact that your browser on your machine and your phone communicate using a local protocol and does not go via the cloud. All other push-based technology so far is kind of based on the fact that there’s a message being sent throughout the cloud. Here, we’re saying no, the message will be local. And that is essential to this phishing resistance. Having this local protocol between the two devices is what makes this technology strongly resistant to phishing.”

He said physical security key dongles are less convenient in today’s world because they can often mean having a cable that fits both the key and the host device.

Brand added: “Asking the user to have a cable ready that’ll fit both their device and the machine they’re trying to sign in at some point in time almost takes away all the convenience of being able to use your phone.

“The chance that you have your phone there is very, very high. But the chance that you have the exact correct cable is very low. At that point in time, it might just be the same as having to carry around a physical security key.”

In order to enrol, follow the prompts on this Google support page.

Will you be enrolling in Google’s new security key feature with your Android phone? Let us know @TrustedReviews on Twitter.
