Google has done well at securing user accounts and third-party authentication with various multi-stage verification processes. Over the past years, Google has implemented many security features, including 2FA over SMS OTP and the Google Authenticator app. Google now introduces another key feature, which lets you use your Android smartphone as a physical security key.
Here is a complete guide on how to use your Android smartphone as a physical security key for your Google account.
Android Phone as a Security Key
As mentioned, Google already uses multi-stage verification methods for Google accounts. To improve security and to rectify the flaws of the OTP methods, Google introduced physical security keys such as the Titan Security Key. These physical devices need to be plugged into, or placed near, the system the user is attempting to sign in to.
Even though such keys were widely used by business users and work groups, many users were not ready to purchase a key device to secure a Google account. A Titan Security Key costs $50 from Google, which is a major reason most people do not buy one. Google introduces the new feature as an alternative to buying a physical key. You can set up your smartphone as your personal physical key to log in to your Google account and services.
Google claims that Android smartphones will be the future of physical security keys. Instead of using 2FA (Two-Factor Authentication) or 2SV (Two-Step Verification) methods (which are already vulnerable) to sign in to Google accounts, Google users can now sign in to their account using their Android smartphone itself. It is obvious that Google is attempting to get rid of the traditional “password” method of signing in to accounts.
Set up Security Key on Android
Currently, the Android smartphone Security Key feature is in the Beta stage. Any smartphone user running Android 7.0 or higher can enable the feature on the device with a few simple steps. Any Android smartphone meeting this requirement can use the feature, and unlike some older features, there is no limitation on regions or models. Here is how to set up your Android smartphone as a physical security key.
- Sign in to the Google Chrome browser on your PC.
- Log in with the same account on the Android smartphone that you want to use as the security key.
- Visit the Google 2SV (Two-Step Verification) website from your PC (Google Chrome).
- Get started with the Setup.
- Enable Two-Factor Authentication or Two-Step Verification for your Google account.
- This needs to be configured using the OTP through the registered mobile number or the Google Authenticator app.
- Authenticate using your Google account password.
- Scroll down to the “Set up alternative second step” section.
- Find the Google Authenticator option, as well as the Security Keys.
- Click “ADD SECURITY KEY” under “Security Key.”
- You can find your smartphone listed there, among the Google Security Key devices.
- Choose your smartphone from the window.
- Click Add Security Key to use the built-in security key feature on your smartphone.
- Click Done.
You have just added your Android smartphone as a physical security key for your Google account. The Android smartphone now acts as a real-world key for your Google account, but without being plugged into any of your systems. You can secure the Google account with this extra layer of security from Google.
Remove a Security Key Device
Google allows you to remove a device in case you have lost your smartphone or want to revoke security key access for a device. You can do this from the Google Two-Step Verification page itself. Follow the steps below.
- Go to the Google 2SV page from your PC while logged in to the same Google account.
- Find the smartphone under the Security Key title.
- Click the trashcan icon on the right, next to the security key device.
- Proceed to remove the device.
This is going to be a life-saving tip, especially when you lose the Android phone that you have already set as a security key for your Google account.
How to Sign in to Google Account using Security Key
After you have finished setting up your smartphone as a Security Key for the Google account, it will register your device as “trusted” and you will get the login verification prompts on the device. There is already a login prompt feature for Google accounts. It simply shows the login verification prompt on any Android smartphone or tablet where the same account is logged in. This can be misused by anyone who has logged in to your account from any corner of the world.
This ‘vulnerability’ induced Google to bring the physical security key feature to Android, which does almost the same as the login prompt. However, you cannot do it from any part of the world. No spoofers or hackers can access your account from another corner of the world without having your smartphone nearby. The login device and the Security Key smartphone need to be placed side by side in order to sign in. Also, you need to turn on Bluetooth (and pair the devices with each other) and Location Services to make the sign-in more secure.
- Turn on Bluetooth and Location on both devices.
- Sign in using your Google account on any device.
- After entering the password, choose Sign-in using Security Key to continue with login using your smartphone.
- Check for the Prompt on your Security Key smartphone. Tap Yes to approve sign in.
- If you are on a Google Pixel 3 smartphone, holding down the volume-down button does the same.
When you set up a smartphone as the Security Key for Google, you need to carry the smartphone everywhere in order to log in on any other system or smartphone. Logging in to your account can become much more difficult if your device goes missing. Therefore, Google recommends adding an additional smartphone as your backup security key. As the feature is in the Beta stage, we can expect more security features in the near future.