How to use your Android phone as a security key for your Google accounts

How to use your Android phone as a security key for your Google accounts
Credit: Google

Welcome to TNW Basics, a collection of tips, guides, and advice on how to easily get the most out of your gadgets, apps, and other stuff.

Google has been working to make it easier to secure your accounts for its services with two-factor authentication over the past few years. Now, it’s enabled a handy feature you should definitely consider using if you’ve got an Android phone.

When you turn it on, you’ll need to not only provide a password to log into your Google services, but also prove your identity with your phone via Bluetooth. This is neat, because the only way someone will be able to log into your Google account from now on is if they know your password, and have access to your unlocked phone. It’s functionally similar to having a Bluetooth fob on your keychain to authenticate you – but you don’t need to buy or keep an additional device handy, just your phone.

Note that you’ll need a Chrome, Windows, or macOS computer with Bluetooth connectivity, and Android 7.0 or newer on your phone for this.

Here’s how to enable it:

  • First, add your Google Account to your Android phone. If you’re logged into Google services like Assistant and Gmail on your device, this should already be sorted. If not, head to Settings > Accounts > Add account, and choose ‘Google.’ Enter your credentials and follow the on-screen instructions to complete the process.
  • Next, ensure you’ve got two-step verification (aka two-factor authentication) set up for your account. To do this, visit this page on your desktop, and log in if prompted.
  • Then, click “Add security key”.
    Your phone should already be available in the list of options for devices to use here. Choose your phone and you’re good to go.
    Using your phone as a security key is a good way to protect yourself from phishing scams, since attackers can't do much without gaining physical access to your phone
    Using your phone as a security key is a good way to protect yourself from phishing scams, since attackers can’t do much without gaining physical access to your phone

     

  • To use it, try logging into your Google account on your desktop with your username and password; make sure you’ve got Bluetooth turned on on your phone first. After you enter your password, you’ll have to respond to the prompt on your phone with a single tap. It’ll authenticate you wirelessly by communicating your desktop over Bluetooth.

This feature might look familiar to those of you who already use the Google prompt that’s sent over the internet to your phone – but it adds another layer of security by requiring you to have your linked phone in proximity of the desktop you’re logging in with.

TNW Conference 2019 is coming! Check out our glorious new location, inspiring line-up of speakers and activities, and how to be a part of this annual tech extravaganza by clicking here.

Read next: 6 things we learned after playing with Nintendo's Labo VR kit