Google added a new way to verify their logins this week: use your Android phone as a physical security key for two-factor authentication. You should use two-factor authentication to log on to the websites, so that even if someone has your password due to a data breach, you will not be able to log in. And now, with the new feature, if you have an Android phone running 7 or higher, it also has a convenient security key.
It's safer than many existing 2FA options (like using SMS) because your phone will register with your computer via Bluetooth to make sure you're on the right website and not being tricked. SMS can be hacked, and most other secondary methods of verifying your logins will not be able to verify if you are trying to log in to the correct site.
Your computer must be running Windows 10, macOS or Chrome OS, with any version of Chrome 72 or later. (Interestingly, Google does not allow you to set this up through a mobile device, so you can not use a phone to set up another phone as a key). Before you start, make sure your phone has Bluetooth enabled.  Here's how to set it up:
- If you have not already done so, be sure to add a Google account to your phone by going to Settings> Accounts> Add account> Google.
- Then, on your computer, open a Google Chrome browser.
- Go to myaccount.google.com/security in Chrome and click on "Two-Step Verification."
- If you do not have a two step verification, configure it still, enter this site and follow these instructions. The TL; DR is that you will need to log in, enter a phone number and select the secondary verification methods you want, which brings us back to …
- Scroll down the list of secondary methods and select "Add password from security".
- Choose your phone from the list of options; it should appear automatically.
That's it! You have set up your phone as a security key and can now log in to Gmail, Google Cloud and other Google services and use your phone as the secondary verification method. Just make sure your phone is near your computer every time you try to log in. Your computer will indicate that your phone displays a message. Tap the indicator to verify your login and you're all set
Here are some screenshots of what it looks like when asked on your phone to verify a login. It is similar to what Google Prompt already looks like, with the main difference that your phone will check with the website to verify that it is correct.
Vox Media has affiliate associations. These do not influence the editorial content, although Vox Media can earn commissions for products purchased through affiliate links. For more information, see our ethics policy .