Google announced today that any phone running Android 7 or higher can now be used as a physical security key for two-factor authentication, giving you an even more secure way to log into Google apps than several other existing methods that Google provides right now. So if you want a physical device to verify your login, you don’t have to buy a dongle you can just use your phone.
To make your Android phone your security key, you’ll just need to connect your phone through Bluetooth to a Chrome browser to verify logins. (Some older desktop PCs don’t have Bluetooth, but it’s pretty universal on laptops.) The new authentication scheme works on Gmail, G Suite, Google Cloud, and any other Google account service, and uses the FIDO authentication standard. Google says other websites might join in later on, but it’s still in the process of certifying its authentication service.
Two-factor authentication can help prevent unauthorized logins in the event that someone gets your password, which is important when leaks and phishing attacks can put accounts at risk.
Google recommends that everyone use their phone as a security key, but, in particular, it recommends it for “journalists, activists, business leaders, and political campaign teams who are at risk of targeted online attacks.”
