As we’ve already recommended a thousand and one times, two-step verification is a must-have layer of protection for your online accounts. This is especially true nowadays, with the security of online services becoming more and more questionable with constant hacking of accounts and credentials. That said, you can shield your account even more now thanks to a new feature presented by Google that just came out of beta: you can now use your own smartphone as a physical security key.
What is a security key?
As we’ve said, two-step verification is a system of protection when it comes to logging in to your accounts. In addition to requiring you to enter a password on any PC, you’ll also have to validate this access through your smartphone, either via push notification or SMS. This way, it makes it more difficult for any attacker to access your accounts even if they know the password, since they’d also have to somehow intercept and validate the extra confirmation you complete with your smarpthone. But what happens if someone steals your phone or somehow manages to trick you into accepting the confirmation? This is where a security key comes in useful.
Security keys are based on a physical device that typically looks like a USB device, similar to a pen drive. This device stores an encrypted security code that works as an extra confirmation when you log in to certain services. The so-called Universal 2nd Factor (U2F) is the most widely used standard for these devices, currently supported by services like Google, Facebook, and Dropbox, among many others.
How does Google’s virtual security key work?
Given that you’d normally have to buy a security key separately, it seems like a pretty convenient idea to use your smartphone in the same way. The main difference is that, instead of making a connection via USB, you can use Bluetooth for it, maintaining the FIDO certification and saving you the trouble of having to carry an additional gadget around with you.
This way, when you log in to your Google account on a PC or laptop, you have to confirm your access from your smartphone, as usual, but you’ll also have to have both devices close to each other.
This feature had already been introduced by the company a few months ago, but in the recent Google I/O 2019, it was released officially for all mobile devices with Android 7.0 or higher.
How to activate Google’s security key
- Go to the security section in your Google account.
- You have to have the 2-step verification activated for your account, either through push notifications, SMS messages, the app from Google Authenticator, or passcodes.
- From the same 2-Step Verification menu, you’ll go down to the option Add Security Key.
- You can choose an external security key or your own smartphone. Obviously, you’ll choose this second option.
- Select the option add and both devices will be connected.