MobileNews

Chrome for Android becoming a 2FA security key for Google Account sign-in

For the past few years, Google has aggressively encouraged adoption of two-factor authentication (2FA) — or 2-Step Verification (2SV) as the company refers to it. This includes physical security keys that plug in over USB, while it also offers phone security keys. The latest effort turns Chrome for Android into a security key for Google Account sign-in. 

After entering username and password, users that have 2FA/2SV enabled on their Google Account can confirm a log-in attempt in a handful of ways. There’s tapping “Yes” on the “Google Prompt” notification that appears on both Android and iOS (Google or Gmail app required), or long-pressing on the volume button if you have a “phone security key” set-up.

That latter approach is more stringent (than a notification) and better mimics a USB-C/A security key as Bluetooth is used to communicate between the phone and desktop to confirm proximity. However, phone security keys require users to manually set it up before time, thus a barrier to adoption.

Google is now using the Chrome for Android app as another 2FA security key method. Upon entering your credentials on a laptop, you will get the usual “Are you trying to sign in?” notification that opens a fullscreen page with “Yes” and “No, it’s not me” at the bottom. Google notes how:

Someone is trying to sign in to your account from a nearby device

The important part of that message is “nearby device,” thus differentiating this from the simple Google Prompt notification. After confirming, you’re taken to a “Connecting to your device” page with rotating animation, which is exactly like the phone security key process.

If you open the Recents/multitasking menu, you’ll notice how that screen is from Chrome, rather than Google Play services. (That said, GPS is still responsible for showing the previous Yes/No UI.)

The below screenshots are from Chrome 93 (in beta) on Android and version 92 for Mac. This capability is not yet widely rolled out. Behind-the-scenes, Google is using caBLE (cloud-assisted Bluetooth Low Energy) as noted in the Chrome flag. Requirements include signing into the same account and having Chrome Sync enabled: 

Enable use of phones that are signed into the same account, with Sync enabled, to be used as 2nd-factor security keys. – Mac, Windows, Linux, Chrome OS, Android

chrome://flags/#enable-web-authentication-cable-v2-support

Chrome for Android security key


Check out the latest Samsung phones at great prices from Gizmofashion – our recommended retail partner.


Author: Abner Li
Source: 9TO5Google

Related posts
AI & RoboticsNews

Nvidia and DataStax just made generative AI smarter and leaner — here’s how

AI & RoboticsNews

OpenAI opens up its most powerful model, o1, to third-party developers

AI & RoboticsNews

UAE’s Falcon 3 challenges open-source leaders amid surging demand for small AI models

DefenseNews

Army, Navy conduct key hypersonic missile test

Sign up for our Newsletter and
stay informed!