CAI Managed IT blog
Tip of the Week: Your Phone Can Work as Your Security Key
If you’re like most people nowadays, your mobile phone is currently well within your reach (and that’s assuming you aren’t reading this blog on it). The fact that most people keep their phone on them at all times has greatly contributed to these devices becoming a part of any given work-related process. One major example is the implementation of two-factor authentication, which we’ll discuss as a part of this week’s tip.
As we begin, it is important that we acknowledge that the Android operating system has been granted FIDO2 certification. In other words, the FIDO (Fast IDentity Online) Alliance has given the Android OS their seal of approval in regard to the authentication standards that the Alliance has set.
What Does This Mean?
In very simple terms, any Android device running 7.0 or higher with the latest Google Chrome update installed can be used as part of a two-factor authentication strategy - more specifically, as a security key. This includes the support that FIDO2 offers for onboard fingerprint scanners as a means of identity authentication. Currently, this authentication standard is only supported by Android, with no indication of Apple devices incorporating it.
In no uncertain terms, this all means that passwords may soon be phased out.
Passwords have been the standardized form of authenticating one’s identity for quite some time, despite the potential issues that are present with them. How often have we seen just how many ways a determined cybercriminal has to obtain a password? Between insecure databases filled with credentials and unfortunately successful phishing schemes, millions of accounts have been exposed - and that isn’t even taking into account all the times an insecure password was guessed.
The biggest weakness that any password has is the fact that it can be shared at all, meaning that someone other than the owner can use it. More than any other reason, this is why FIDO2 is likely to become as popular as it is expected to be. When was the last time you successfully shared a thumbprint with someone, after all? Furthermore, FIDO2 keeps all of the information that is pulled from its biometrics onboard the device, keeping it safe from being stolen on the Internet.
As an added bonus, FIDO2 won’t allow the user to input their fingerprint’s biometric data into websites that don’t have sufficient security measures in place.
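To make the last two points concrete, here is an added example (not code from the original post, Google or the FIDO Alliance) of the checks a website runs on a FIDO2 (WebAuthn) sign-in response before verifying its signature: the site sees a challenge, an origin and a few flag bits, never the fingerprint. The function names, `example.com` and all sample bytes are constructed for illustration, and the signature check is left out because it needs a cryptography library.

```python
import base64, hashlib, hmac, json, struct

def b64url(data: bytes) -> str:
    """Base64url without padding, as WebAuthn encodes the challenge."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def check_assertion(client_data_json, auth_data, challenge, origin, rp_id):
    """Return (ok, reason) for the checks a site makes before the signature.

    Signature verification against the stored public key is omitted here.
    """
    client = json.loads(client_data_json)
    if client.get("type") != "webauthn.get":
        return False, "wrong ceremony type"
    sent = str(client.get("challenge", "")).encode()
    if not hmac.compare_digest(sent, b64url(challenge).encode()):
        return False, "challenge mismatch"
    if client.get("origin") != origin:
        return False, "origin mismatch"
    if len(auth_data) < 37:
        return False, "authenticator data too short"
    # Layout: 32-byte SHA-256 of the RP ID, 1 flag byte, 4-byte counter.
    rp_hash, flags, _counter = struct.unpack(">32sBI", auth_data[:37])
    if not hmac.compare_digest(rp_hash, hashlib.sha256(rp_id.encode()).digest()):
        return False, "credential scoped to another site"
    if not flags & 0x01:   # UP: someone touched the phone
        return False, "user not present"
    if not flags & 0x04:   # UV: fingerprint/PIN matched on the device
        return False, "user not verified"
    return True, "ok"

def sample(origin, rp_id="example.com", flags=0x05, challenge=b"\x01" * 32):
    """Constructed sample response; no real authenticator is involved."""
    client = json.dumps({"type": "webauthn.get", "origin": origin,
                         "challenge": b64url(challenge)}).encode()
    auth = hashlib.sha256(rp_id.encode()).digest() + bytes([flags]) + struct.pack(">I", 7)
    return client, auth

if __name__ == "__main__":
    issued = b"\x01" * 32   # challenge the site issued for this sign-in
    cases = {
        "genuine": sample("https://example.com"),
        "look-alike site": sample("https://examp1e.com", rp_id="examp1e.com"),
        "no fingerprint check": sample("https://example.com", flags=0x01),
        "replayed response": sample("https://example.com", challenge=b"\x02" * 32),
    }
    for name, (client, auth) in cases.items():
        print(name, "->", check_assertion(client, auth, issued,
                                          "https://example.com", "example.com"))
```

A response produced for a look-alike domain or replayed from an earlier sign-in fails these checks even if the user approved it on the phone, which is what a shared or phished password cannot offer.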
How to Use Your Android Device as a FIDO2 Security Key
In order to leverage your Android device as a security key, you need to make sure that it meets a few benchmarks. First and foremost, you’ll need to be running at least Android 7.0, with the latest version of Chrome installed. You will also need to have Bluetooth activated, and a Google account with two-step verification enabled.
This is somewhat simple to do. Log in to your Google account and access the Security section. Here, you’ll find the option to activate 2-Step Verification. After a short process, your smartphone will work as a security key.
Authenticating Google Sign-Ins with Your Phone
As long as you have enabled both Bluetooth and Location on your mobile device, any Google service you try to access will prompt you to confirm the sign-in attempt via your phone. This process is exceptionally simple - all you have to do is press Yes on your phone and wait. Once you’ve done so, you can confidently access your Google account, securely. As more developers adopt FIDO2, this enhanced security will only appear more often.
What do you think of this new authentication method? Share your impressions in the comments! While you’re there, let us know if there are any other tips you’d like us to cover!