You Can Now Use Your Android Phone As a Security Key

Posted on April 10, 2019 by Mehedi Hassan in Android, Google with 13 Comments

Google is upgrading the security of your Google Account today. The company is announcing the ability to use your Android phone as a security key to your Google Account.

That means you will now be able to use your Android phone as an alternative to a physical security key and get added protection for your account.

The feature works for those with Google Cloud Accounts as well.

Google says the feature will require you to have an Android phone running Android 7.0 or newer, and a Bluetooth-enabled Chrome OS, macOS, or Windows 10 device. But more importantly, you will need to use the Google Chrome browser for the feature to work.

Tagged with

Join the discussion!

BECOME A THURROTT MEMBER:

Don't have a login but want to join the conversation? Become a Thurrott Premium or Basic User to participate

Register
Comments (13)

13 responses to “You Can Now Use Your Android Phone As a Security Key”

  1. codymesh

    "you will need to use the Google Chrome browser for the feature to work"


    don't all security keys use standards? why would it require a specific browser?

  2. know nothing

    How do you set it up?

  3. Daekar

    So... how is this different than what I already have, exactly? I already use my phone as a second factor on my Google Account regardless of what browser I'm using - Firefox on Ubuntu, Edgium on Windows 10, or Safari on iOS.

  4. Daekar

    In reply to ShaneR:

    Actually, I am not. This is built in to Android, I don't have my Google account added to the Microsoft Authenticator app, which is the only one installed on my phone.

  5. wright_is

    A shame it, like physical tokens, only work with Chrome, even though Firefox and (in the future, Edge) also have support for the interface.

  6. Daekar

    In reply to ShaneR:

    Actually, I never added Google to my Microsoft Authenticator the last time I did a factory reset on my S7 because they have a built-in Android function that does the same thing without having an authenticator at all. It doesn't require entering a number or anything, it just asks if you're trying to login from (some browser) on (some operating system) at (some IP address) near (some city).

  7. hallmanac

    In reply to ShaneR:

    Agreed. I think it works like LastPass does when it authenticates you. LastPass still uses their own LastPass Authenticator app but instead of a code (when they authenticate you - not a third party), you just click the green check mark that shows up and approve.

  8. IanYates82

    For those wondering why this is new, I have a theory...

    Since it requires Bluetooth, and requires Chrome, I suspect it's that when the website issues the second factor challenge, your Chrome browser can tell the site it has a token device available (your phone, connected via Bluetooth), and automatically use that to complete the challenge. So there's no need to touch your phone - just have it paired with your pc.

    One extra step removed but still quite secure since your phone must still be with you, and also with the browser instance that's trying to log in.


    Shame they didn't make it an extension. That'd mean you could install it in Opera, Edge (chromium) etc

  9. Matthias Götzke

    Did anybody get this to work ? I could set it up without issues but the prompt never comes. Does the phone have to be connected via bluetooth ? No matter what I did, it only said it sent a notification to the phone but nothing ever came.

Leave a Reply