Two-step authentication — a popular way of dealing with the theft of network identifiers, but the most reliable and most resistant to phishing method of data protection is considered a physical security key. Their only drawback — problems with availability and high price tag. Google has found an original way to get around this limitation: all the user needs to create their own "account key" — his own smartphone on Android.
In its official blog, the company announced that all Android devices running Android 7.0 Nougat and above can now be used as a physical security key. Unlike alternative two-step verification methods, your smartphone must be in close proximity to your PC or laptop to confirm that you are logged in to your account.
Authentication key using authentication protocols FIDO and WebAuthn through Bluetooth connection. The need for the physical presence of the gadget near the computer significantly reduces the risk of hacking, even if the text password is "stolen" by an attacker. The new security scheme works in Gmail, G Suite, Google Cloud, and other services with authorization using Google accounts. In the future, it is expected to significantly expand the list of supported sites and services.
To activate the built-in security key on your Android device, you need a Bluetooth-enabled computer with Chrome OS, macOS X (and above), or Windows 10 with Chrome. After adding a Google account to your smartphone, you need to activate the two-step authentication function and make settings according to the instructions on the official website. Google also recommends that you get a backup security key in case of damage, loss or replacement of your gadget.