Google has announced that Android phones can now be used as a Bluetooth-based security key for two-factor authentication. The new functionality enables users to add an additional layer of security to a Google account via the Chrome browser.
Anyone with an Android phone running Nougat (and up) can jump aboard with the simple one-time enrolment, which uses the Fast Identity Online (FIDO) protocol. Once complete, users will be able to enter their password within the Chrome browser on the desktop and receive a prompt on their phone to complete the login by holding the volume down rocker.
The new feature, which applies to a personal Google account as well as G Suite, might save Android users from buying a dedicated security key dongle to gain access to their account.
It will also enable Google account holders to move from the current two-step verification method – which commonly combines a password plus a text code – to full two-factor authentication, which combines two of a password, security key and a biometric indicator like a fingerprint.
“The big difference here is that local proximity,” Google product manager Christiaan Brand explained in a blog post (via VentureBeat).
“The fact that your browser on your machine and your phone communicate using a local protocol and does not go via the cloud. All other push-based technology so far is kind of based on the fact that there’s a message being sent throughout the cloud. Here, we’re saying no, the message will be local. And that is essential to this phishing resistance. Having this local protocol between the two devices is what makes this technology strongly resistant to phishing.”
He said physical security key dongles are less convenient in today’s world because they can often mean having a cable that fits both the key and the host device.
Brand added: “Asking the user to have a cable ready that’ll fit both their device and the machine they’re trying to sign in at some point in time almost takes away all the convenience of being able to use your phone.
“The chance that you have your phone there is very, very high. But the chance that you have the exact correct cable is very low. At that point in time, it might just be the same as having to carry around a physical security key.”
In order to enrol, follow the prompts on this Google support page.
Will you be enrolling in Google’s new security key feature with your Android phone? Let us know @TrustedReviews on Twitter.