In the middle of last year, Google announced that during 2017 each and every one of its 85,000 employees had not been victims of phishing. How did they achieve this? Making the use of USB physical keys, or ‘Security Keys’, mandatory. Due to this success, a few months ago Google put on sale its own security keys, the Titan Security Keys. And today, you are enabling the option for an Android mobile to act as one of these security keys.
Today, the two-step authentication method (2FA) is one of the most effective ways we have to keep our access to various online services safe. However, it is not perfect and has already shown on more than one occasion that its use through SMS is relatively simple to violate. Now, just by having an Android smartphone we can enable 2FA in a physical way for greater security.
An advanced form of two-step direct authentication on Android
Although security keys are relatively inexpensive and easy to obtain, many people still do not use them as a two-step authentication method, which leaves their information at risk. Google says it wants to end this trend by using our smartphone, which is always with us, as an authentication method and wait for this to mass.
How to activate it?
To activate an Android as a security key, the first thing we have to do is connect it via Bluetooth to the Chrome browser on our computer, so that it can be used as a method to verify logins. This feature is compatible at the moment with Gmail, G Suite, Google Cloud and any other Google account service.
We will also need to enable the use of our Android smartphone as a security key, we will also have to enter ‘myaccount.google.google.com/security’ and within the ‘two-step authentication’ section select the option to add a security key , where we will have to choose our Android smartphone that we previously linked to Chrome via Bluetooth.
To use it, our Android must have at least version 7.0 of the operative and is compatible with Chrome either in Windows or macOS. In addition, we will need our computer to have a Bluetooth connection. Thanks to the Titan M chip, the owners of a Pixel 3 can use the volume button to approve the logins, while the rest of the Android users will have to log in a window and press a button on the screen.
Google, how did you do it?
For this function, Google mentions that it uses the authentication standards FIDO and WebAuthn, which serve to verify that we are in the right place and there is no risk of phishing. At the moment it is only available for Android smartphone and in Google service session startups, but the company mentioned that they already work with other services that use the FIDO standard to add them in the future to the support of security key via Android.