Netease Technologies News, April 11: According to The Verge, Google announced today that any mobile phone running Android 7 or higher can now act as a physical security key for two-step authentication. This makes logging in to Google applications more secure than several of the other two-step authentication methods Google currently offers. Users who want a physical device for login verification no longer need to buy a separate hardware key (dongle); they can use their mobile phone instead.
To turn an Android phone into a physical security key, users only need to connect the phone to a PC over Bluetooth and then use the Chrome browser on the PC to verify the login. The new authentication scheme applies to Gmail, G Suite, Google Cloud and any other Google account service, and uses the FIDO authentication standards. Google said other websites might add such a solution later, but the company is still in the process of certifying its services.
When someone obtains a user's password, two-step authentication can help prevent unauthorized logins, which matters a great deal when data leaks and phishing attacks put accounts at risk. Google recommends that everyone use their mobile phone as a physical security key, and it specifically recommends this for journalists, activists, business leaders and political campaigns, who are vulnerable to cyber attacks.
Of course, not all two-step authentication methods are equally secure. Google already offers a large number of authentication schemes, such as SMS codes, rotating codes from Google Authenticator, and Google Prompt, which lets Android phones communicate directly with Google services over the Internet. The new physical security key works very much like Google Prompt, but it now requires the user's mobile phone to be physically close to their computer, to stop people elsewhere in the world from trying to trick their way into users' accounts.
In addition, the new authentication mechanism uses two authentication protocols, FIDO and WebAuthn, to double-check that users are visiting the correct website and are not being phished.
To activate an Android phone as a security key, users need a mobile phone running Android 7 or higher and a separate ChromeOS, macOS or Windows 10 device running the Chrome browser. First, log in to the Google account on the Android phone and turn on Bluetooth. Then, on the second device, open myaccount.google.com/security in Chrome and click Two-step Verification. Select the option to add a security key and choose the user's mobile phone from the device list.
Users with a Pixel 3 can activate the security key by pressing the volume-down button, because Google says it stores FIDO credentials in the Pixel's Titan M chip, which can verify that the button press is genuine. Other devices running Android 7 and higher can still use the two-step authentication method, but users need to log in and click a button.
Currently, Google's physical security key service works only on Android phones and only for accessing Google services, not third-party websites. Because the new technology runs on the same protocols, including the FIDO standard, physical security keys can also be used. It's only a matter of time before other companies implement similar technologies, Google said. In addition to Chrome, other browsers may also be supported, and other services may eventually be extended to use Android phones as security keys. Google claims that it is working toward this ultimate goal. (small)
Source: Netease Science and Technology Report. Responsible Editor: Wang Fengzhi_NT2541