Google Develops Physical Security Key Feature for Android Phones

By CIOReview | Thursday, August 8, 2019

Google announced its latest security feature, which allows its Android phones to be used as a physical security key. Its two-factor authentication (2FA) method offers a more secure login than any other existing 2FA methods. With this, Android phones can be used as physical security keys for login verification.

To activate this feature, users need to connect their phone to a chrome browser through Bluetooth. The authentication method is compatible with Gmail, G Suite, and Google Cloud. Google is keen on adding its other websites to the fold once it has certified the new authentication service.

Google has recommended this security feature to prevent unauthorized logins using stolen passwords, thus defending user accounts from phishing attacks. It is mainly designed for shielding online profiles of well-known personalities, business leaders, politicians, and those who are most prone to targeted online attacks.

Google has offered many two-factor authentication methods over the years, some less secure than others, ranging from SMS verification codes to Google prompt. The previous feature enabled android phones and the Google application on computers to sync over the internet. Even though the new security feature is very similar to Google prompt, it requires the Android phone to be physically close to a computer on which the Google account is to be authenticated. According to Google, it is designed to thwart hackers trying to get into private accounts from halfway around the world. It uses security specifications such as fast ID online (FIDO) and web authentication (WebAuthn) to activate the user login.

The setup takes no more than two steps. To be activated as a security key, the phone needs to be running on Android 7 or higher. Also, the Chrome browser should be running on a Mac OS or Windows 10 device. The user needs to sign into the Google account on their Android phone and turn on their Bluetooth, before opening the Google security account website in Chrome browser on the second device. After clicking on “twostep verification,” the option to add a security key appears. The Android phone is selected from the list of devices displayed on the browser window. Once it is activated, the Android phone can be used as a physical security key to log into the user account.