clock menu more-arrow no yes

Filed under:

How to use your Android phone as a two-factor authentication security key

New, 9 comments

A few short steps to getting a convenient new security key

Photo by Amelia Holowaty Krales / The Verge

Google added a new way to verify your logins this week: using your Android phone as a physical security key for two-factor authentication. You should be using two-factor authentication to log onto websites, so that even if someone has your password from a data breach, they won’t be able to get in. And now with the new feature, if you have an Android phone running 7 or higher, you also have a convenient security key.

It’s more secure than many existing 2FA options (such as using SMS) because your phone will check in with your computer via Bluetooth to make sure you’re on the correct website and not being phished. SMS can be hacked, and most other secondary methods of verifying your logins won’t be able to check you’re attempting to log on to the right site.

Your computer should be running Windows 10, macOS, or Chrome OS, with any version of Chrome 72 or later. (Interestingly, Google doesn’t let you set this up via a mobile device, so you can’t use one phone to set up another phone as a key.) Before you start, make sure that your phone has Bluetooth turned on.

Here’s how to set it up:

  • If you haven’t yet, make sure to add a Google account to your phone by heading into Settings > Accounts > Add account > Google.
  • Then, on your computer, open a Google Chrome browser.
  • Head into on Chrome and click on “2-Step Verification.”
  • If you don’t have two-step verification set up yet, enter this site, and follow these instructions. The TL;DR is that you’ll need to log in, enter a phone number, and select what secondary methods of verification you’d like, which brings us back to...
  • Scroll down the list of secondary methods and select “Add Security Key.”
  • Choose your phone from the list of options; it should automatically show up.

That’s it! You’ve set up your phone as a security key and can now log in to Gmail, Google Cloud, and other Google services and use your phone as the secondary method of verification. Just make sure your phone is in close proximity to your computer whenever you’re trying to log in. Your computer will then tell you that your phone is displaying a prompt. Tap on the prompt to verify your login and you’re all set!

Here are some screenshots of what it looks like when you’re prompted on your phone to verify a login. It’s similar to what Google Prompt looks like already, with the main difference being that your phone will be checking with the website to verify it’s the right one.

Vox Media has affiliate partnerships. These do not influence editorial content, though Vox Media may earn commissions for products purchased via affiliate links. For more information, see our ethics policy.