At the Google Cloud Next 2019 in San Francisco Google has announced it will add an option to use Android phone’s built-in security key for multi-factor authentication to protect against phishing. This will be available on all phones running Android 7.0+ (Nougat) so that you don’t have to carry around additional security keys. On Pixel 3 FIDO credentials are stored inside the Pixel’s Titan M chip so that you can just press the volume down button to activate your security key.
To enable phone’s built-in security key, you need Android 7.0+ phone with Google Play Services and a Bluetooth-enabled devices running Chrome OS, macOS X, or Windows 10 with a Chrome browser. Here’s how to do it.
- Add your Google Account to your Android phone.
- Make sure you’re enrolled in 2-step verification
- On your computer, visit the 2SV settings and click “Add security key”.
- Choose your Android phone from the list of available devices—and you’re done!
When signing in, make sure Bluetooth is turned on, on your phone and the device you are signing in on. Google recommends users to register a backup security key to their account and keeping it in a safe place, so they can get into their account if they lose the phone.
This will roll out in a few days for everyone in beta.