Starting today, any phone running Android 7+ can function as a FIDO2 security key.
Android users can now use their phones to log into their Google accounts on Windows, Chrome OS or macOS devices with phishing-resistant FIDO Authentication. Google’s Android platform was FIDO2 Certified in February.
While the WebAuthn component of FIDO2 enables FIDO Authentication to be built directly into browsers and platforms, Google’s newest offering utilizes the complementary component of FIDO2 — the Client to Authenticator Protocol (CTAP). CTAP is what facilitates the use of external devices like FIDO security keys or mobile devices for logins on FIDO2-enabled browsers and operating systems.
Now, users can add Android 7+ devices to the long list of options available to protect themselves from phishing and other credential-based attacks with FIDO Authentication. Currently, your Android phone can be a security key only for Google accounts. This means you can use your existing phone as your primary 2FA method for your work (G Suite, Cloud Identity, and GCP) and personal Google accounts to sign in on a Bluetooth-enabled Chrome OS, macOS X, or Windows 10 device with a Chrome browser.
To activate your phone’s built-in security key, all you need is an Android 7.0+ phone and a Bluetooth-enabled Chrome OS, macOS X or Windows 10 computer with a Chrome browser. Here’s how to do it:
- Add your Google Account to your Android phone.
- Make sure you’re enrolled in 2-Step Verification (2SV).
- On your computer, visit the 2SV settings and click "Add security key".
- Choose your Android phone from the list of available devices—and you’re done.
When signing in, make sure Bluetooth is turned on both on your phone and on the device you are signing in on.