Android Phones Can Now Serve As Bluetooth-Based Two-Step Verification Keys

Apr 10, 2019
10Shares
Submit

Long gone are the days when a strong password was enough to secure your account. It is now easier (and more difficult at the same time) than ever for attackers to gain access to your private data such as email addresses, passwords etc. The only way forward is to use measures such as two-step verification which require the use of and physical 2SV security keys, like Google’s Titan Security Key. A few days ago, G Suite users got the ability to use third-party Bluetooth keys on their accounts and today; Google is working on making every device running Android Nougat 7.0  2SC physical security key.

Related EA Calls Loot Boxes “Surprise Mechanics”, Blame Sony & Microsoft over Age Checks

Your phone will work like a traditional proximity-based token and will have to be near the device where you’re signing in. This requirement of proximity, as well as the use of both FIDO and WebAuthn authentication protocols to double-check the authenticity of the website, makes phishing a lot harder. The new feature works on most Google services such as Gmail, G Suite, Google Cloud. Oher websites are also expected to join in at a later stage.

The feature is currently in beta. To get started, you’ll need an Android 7.0+ device, a Bluetooth-enabled Chrome OS, macOS X, or Windows 10 computer with a Chrome Browser. It is important that the Google account on your phone be the same as the one you’re trying to log into The next step involves you registering your phone as a security key using this link. Then, head over to the 2SV settings from your computer and click “Add Security Key,” and choose your Android device from the list of available devices. You would need Bluetooth enabled on both the phone and the computer when you do choose to sign in again. The next time you sign into your Google account with Chrome on a computer you don’t normally use, Google will prompt you to bring out the phone you chose as your security key. Google also recommends creating a backup security key to ensure that you still have access to your account even if you lose your device.

Source: Google

Submit