Recently the almighty Google added a new way to verify your logins this week: using your Android phone as a physical security key for two-factor authentication.
You should be using two-factor authentication to log onto websites, so that even if someone has your password from a data breach, they won’t be able to get in. And now with the new feature, if you have an Android phone running 7 or higher, you also have a convenient security key.
It’s more secure than many existing 2FA options (such as using SMS) because your phone will check in with your computer via Bluetooth to make sure you’re on the correct website and not being phished. SMS can be hacked, and most other secondary methods of verifying your logins won’t be able to check you’re attempting to log on to the right site.
What Is Two Factor Authentication?
Two-factor (2FA) or multi-factor authentication (MFA) is an additional security layer for your business helping to address the vulnerabilities of a standard password-only approach.
In today’s online environment, the rudimentary “username and password” approach to security is easy prey for cyber criminals. Many log-ins can be compromised in minutes, and private data (such as personal and financial details) is under increasing threat.
Two-factor authentication adds an additional layer of security to the authentication process by making it harder for attackers to gain access to a person’s devices or online accounts, because knowing the victim’s password alone is not enough to pass the authentication check.
Two factor authentication has long been used to control access to sensitive systems and data, and online service providers are increasingly using 2FA to protect their users’ credentials from being used by hackers who have stolen a password database or used phishing campaigns to obtain user passwords.
How To Setup Two-Factor Authentication With Your Android Phone
Your computer should be running Windows 10, macOS, or Chrome OS, with any version of Chrome 72 or later. (Interestingly, Google doesn’t let you set this up via a mobile device, so you can’t use one phone to set up another phone as a key.) Before you start, make sure that your phone has Bluetooth turned on.
It’s easier than you might think!
Setting up 2FA on an account is a three-step process. You need to provide your current credentials by typing in your password again (this helps keep someone else from adding it to your account), even if you’re currently logged into the service
Here’s how to set it up:
- If you haven’t yet, make sure to add a Google account to your phone by heading into Settings > Accounts > Add account > Google.
- Then, on your computer, open a Google Chrome browser.
- Head into myaccount.google.com/security on Chrome and click on “2-Step Verification.
- If you don’t have two-step verification set up yet, enter this site, and follow these instructions. The TL;DR is that you’ll need to log in, enter a phone number, and select what secondary methods of verification you’d like, which brings us back to…
- Scroll down the list of secondary methods and select “Add Security Key.”
- Choose your phone from the list of options; it should automatically show up.
That’s it! You’ve set up your phone as a security key and can now log in to Gmail, Google Cloud, and other Google services and use your phone as the secondary method of verification. Just make sure your phone is in close proximity to your computer whenever you’re trying to log in. Your computer will then tell you that your phone is displaying a prompt. Tap on the prompt to verify your login and you’re all set!
Above is a screenshot of what it looks like when you’re prompted on your phone to verify a login. It’s similar to what Google Prompt looks like already, with the main difference being that your phone will be checking with the website to verify it’s the right one.
- Read Also: How To Recover A Disabled Facbook Account
Is Two-Factor Authentication Secure?
While two-factor authentication does improve security because the right to access no longer relies solely on the strength of a password. two-factor authentication schemes are only as secure as their weakest component. For example, hardware tokens depend on the security of the issuer or manufacturer.
The account-recovery process itself can also be subverted when it is used to defeat two-factor authentication, because it often resets a user’s current password and emails a temporary password to allow the user to log in again, bypassing the 2FA process. The business Gmail accounts of the chief executive of Cloudflare were hacked in this way.
Conclusion: Two-factor Authentication Security With Android Phone
Now that you know a little more about 2FA, we hope you’re inspired to set it up and use it wherever you can. Most popular services Google, Facebook, Twitter, Amazon, Steam and more. Subscribe below for more updates like this thanks.