Skip to Content
Security & privacy

Google now lets you use your Android as a physical key

Phishing is still one of the most widespread techniques hackers use to gain access to your online accounts or critical data. With these scams, deceptive emails or fraudulent login pages could trick you into handing over critical data like your passwords.

This is why it’s highly recommended that you enable two-factor authentication (2FA), aka two-step verification (2SV), on your online accounts whenever it’s available.

With this option enabled, you will have another layer of security to protect your accounts. The idea is that a hacker is going to have a much harder time getting both forms of ID, and it’s true.

Security codes for 2FA are typically sent via text message or authentication apps. The bad news is, text-message based 2FA is vulnerable to a variety of cellphone data interception techniques like SIM and number porting scams.

The ultimate form of security

Due to these dangers, the best form of 2FA is to skip code-based two-factor authentication altogether and rely on hardware security keys instead.

These types of hardware security keys are starting to become popular with some online services. In fact, Google introduced its own brand of security hardware last year with the launch of its Titan Security Keys.

Now, Google is offering another hardware method for securing your account — and it’s that one thing that you’re carrying with you every day.

Your Android phone is now your security key

Google recently rolled out a new option that turns smartphones that are running Android 7.0 (Nougat) and later into hardware security keys for protecting Google accounts.

With this new feature, instead of carrying an additional hardware USB security key for logging in to your Google account, you can authenticate requests with prompts directly sent your Android phone instead.

This will also eliminate the need for text message codes and third-party authenticator apps, significantly lowering the risk from data interception and phishing attacks.

How to turn your Android phone into a security key:

This new security option is now available on smartphones running Android 7.0 (Nougat) and later with Google Play Services installed. Here’s how you enable it.

1. First, sign in with your Google account on your Android phone.

2. Make sure you’re enrolled in Google’ Two-Step Verification (2SV).

3. On your desktop, go to your Google 2SV settings page, scroll down then click “ADD SECURITY KEY.”

4. Choose your compatible Android phone on the list of devices (make sure Bluetooth is activated on both your phone and your computer) and you’re set!

Now, whenever you sign in to your Google account with your username and password, an “Are you trying to sign in?” notification will be sent to your Android phone. Follow the instructions on your phone to confirm that it’s you signing in.

You can use your smartphone as your main 2SV verification method for all your Google services when signing in on Chrome with a Bluetooth-enabled Windows 10, macOS or Chrome OS gadget.

For ultimate safety, I recommend securing your Android phone’s lock screen with a password that’s a combination of letters, numbers and symbols. Aim for at least eight characters.

Additionally, create printable physical backup security codes for your Google account and keep them in a secure place. This way, you can still log in to your Google account even if you lose access to your paired Android smartphone or hardware security key. App background

Check out the free App!

Get tech updates and breaking news on the go with the App, available in the Apple and Google Play app stores.

Get it today