Use Your Android Phone As a Security Key to Log Into Websites
All Android smartphones running Android 7.0 or higher can now be used as a security key to log into websites – only Google and only through Chrome, but hopefully more sites and browsers will support this feature soon. This is a convenient two-factor authentication method as most people have their Android phones or tablets close at hand even when browsing on a desktop, and it removes the need to deal with other hardware tokens or authentication apps.
This new feature is a result of Android’s recent FIDO2 and WebAuth certifications. If you’re wondering how this technology works, we have a quick explanation , but the main thing is that your Android phone contacts Chrome to verify your identity and the legitimacy of the website you are logging into. Two devices verify that:
- You are in the same place as the device you log into via Bluetooth and location data.
- The site you login to is secure and authentic (not a fake login page trying to spoof your password).
How to use your Android smartphone as a dongle
What do you need
- Android smartphone with Android 7.0 or later (and with Bluetooth enabled)
- Latest version of Google Chrome
- Google account with 2-step verification enabled .
To add your smartphone as a security key, look for the Add Security Key link under the Security Key section of the 2-Step Verification page if you have previously used a Security Key, or the Configure Alternate Second Step section below. on the page if you haven’t. You will be prompted to select a dongle (your smartphone) and you only need to go through a short prompt to enable this feature for your account.
Logging in with a smartphone
You can now use your Android device to authenticate Google login. This is how it works:
- Make sure Bluetooth and Location are turned on on your phone.
- When you sign in to a Google service such as Gmail, YouTube, Chrome, or Drive, you will be prompted in your browser to unlock your phone and follow the instructions to confirm your sign in.
- Press “Yes” on your phone and wait for the authentication process to complete. (If you’re using a Pixel 3 or Pixel 3 XL, you can also press the Volume Down button to confirm the request.)