The Keyword

The ultimate account security is now in your pocket


Phishing—when an attacker tries to trick you into turning over your online credentials—is the most common cause of security breaches. Preventing phishing attacks can be a major challenge for personal and business users alike. At Google, we automatically block the overwhelming majority of malicious sign-in attempts (even if an attacker has your username or password), but an additional layer of protection can be helpful.

Two-step verification (or 2SV) makes it even harder for attackers to gain access to your accounts by adding one more step to the sign-in process. While any form of 2SV, like SMS text message codes and push notifications, improves the security of your account, sophisticated attackers can skirt around them by targeting you with a fake sign-in page to steal your credentials.

We consider security keys based on FIDO standards, like our Titan Security Key, to be the strongest, most phishing-resistant method of 2SV on the market today. These physical security keys protect your account from phishers by requiring you to tap your key during suspicious or unrecognized sign-in attempts.

Now, you have one more option—and it’s already in your pocket. Starting today in beta, your phone can be your security key—it’s built into devices running Android 7.0+. This makes it easier and more convenient for you to unlock this powerful protection, without having to carry around additional security keys. Use it to protect your personal Google Account, as well as your Google Cloud Accounts at work. We also recommend it for people in our Advanced Protection Program—like journalists, activists, business leaders and political campaign teams who are most at risk of targeted online attacks.

[Animation: Using the built-in security key in a Pixel 3 to log into your Google Account]

To activate your phone’s built-in security key, all you need is an Android 7.0+ phone and a Bluetooth-enabled Chrome OS, macOS X or Windows 10 computer with a Chrome browser. Here’s how to do it:

  1. Add your Google Account to your Android phone.
  2. Make sure you’re enrolled in 2SV.
  3. On your computer, visit the 2SV settings and click "Add security key".
  4. Choose your Android phone from the list of available devices—and you’re done!

When signing in, make sure Bluetooth is turned on for both your phone and the device you are signing in on.

We recommend registering a backup security key to your account and keeping it in a safe place, so you can get into your account if you lose your phone. You can get a security key from a number of vendors, including our own Titan Security Key.

Now on Android, your phone is a security key to protect your accounts from phishing. Christiaan Brand, product manager on the Google Cloud Security team, explains why protecting your identity is top of mind for Android.

Here’s to stronger account security—right in your pocket.