You can now use your Android phone as a security dongle for two-factor authentication - simsdestoo

Yubico

Google now has a new way of sanctionative two-factor authentication: using your phone as the near-equivalent of a carnal security Key.

You should already be familiar with two-factor authentication: Typically, you'll secure a web-based application similar Gmail by not only inputting a password, but also providing a intermediate agency of authentication, such as an SMS code sent to your phone, or a code provided away an authentication app such as those recorded in the link above.

Thither's an alternative 2FA method acting that doesn't receive as much attention: a physical hardware dongle, wish a YubiKey, that authenticates by beingness physically inserted into your PC. Think of IT American Samoa a car key: You ain it, you make it, sol you must be who you say you are.

Google's new use of an Mechanical man phone every bit a "hardware dongle" is well-nig, but not quite, the comparable. Instead of sending a notification to an app on your phone—which an attacker could get at if you lost the phone and they knew your PIN code—the website surgery service tries to tie in to your phone via Bluetooth. Google's fresh 2FA method acting doesn't require a dongle to be physically inserted into a PC, but since Bluetooth's range is relatively discourteous, the betting odds of an attacker accessing your unlocked sound while remaining physically near your Microcomputer are relatively under.

Otherwise, the mode in which this two-factor authentication works should be usual: You log-in, the serving sends a "Are you trying to sign on in?" request to your phone, and then you confirm that yes, it's you. Right at present, Google's new hallmark is imprisoned to its own services like Gmail and G Suite, and requires a phone operative Android 7 or above. There's no denotation of this being tied to WebAuthn to enable 2FA connected websites, though.

Google's protection page inside information the steps that are requisite:

Enable deuce-divisor assay-mark, if you harbour't already, on the network service dubitable.
On your Mechanical man phone, attend myaccount.google.com/security.
Below "Signing in to Google," superior2-Step Confirmation.
Coil down to "Lot skyward an alternative second footfall."
SuperiorAdd Security KeyYour Android phoneDeform on.

There's one bonus for users who own a Pixel 3: As an alternative of really requiring you to unlock your ring, you can (optionally) just tap the volume-down button to substantiate the authentication request.

Note: When you purchase something after clicking links in our articles, we English hawthorn earn a small commission. Read our consort nexus policy for Thomas More inside information.

As PCWorld's senior editor, Mark focuses connected Microsoft news and chip engineering, among other beats. Atomic number 2 has formerly written for PCMag, BYTE, Slashdot, eWEEK, and ReadWrite.