Most of us have a Google account that we use to access Gmail, YouTube, Search, and other Google products. Also, we stay signed in to our Google accounts on our laptop and/or desktops. Why? Because we think it is safe.
But what if you wanted to sign in to your Google account on a public PC or friend’s computer? More importantly, how do you protect your account from being signed into without your permission?
While 2FA or two-factor authentication is a popular way to protect hackers from accessing your account, Google has gone ahead and made things simpler, faster, and more secure. You can now use your Android phone as a security key to sign in to a Google account on any computer. That is called 2SV or two-step verification system.
Let’s see how this works and how you can implement it.
There are a few things you will need before you can make this work. You need a smartphone with Android 7.0 (Nougat) or higher. You will also need to download and install Chrome on this smartphone and sign in to both Android and Chrome using the same Google account.
You will then need a computer (OS no bar) with Chrome browser where you are trying to access a Google-owned service like Gmail or YouTube.
Also on Guiding Tech
2. Enable 2SV
Click on the link below to visit My Account. Sign in using your preferred Google ID here. Once in, click on Security in the left window-pane. Here, under the heading Signing into Google, you will find a couple of options like 2-Step verification and 'Use your phone to sign in.'
First, we will enable Google prompt and see how it works so click on the first option. Click on Get Started on the next page.
At this point, you will be asked to re-enter your Google account password for security reasons. You should now see a list of all the Android phones that are connected to this Google ID. If you don’t see your device, click on the Don’t see your device link.
Click on the Try It Now link and you should immediately receive a pop-up on your Android smartphone.
That Google prompt contains information like your email ID, device OS that is trying to access your account, location, time, and two self-explanatory options. You can either allow or deny access. That is much faster and simpler than entering 2FA codes using the Google Authenticator app. Now go back and click on 'Use Phone to sign in' option once again. This time, you will see different options.
Click on Set It Up option. Enter your Google password again. Make sure you have selected the correct Android phone from the drop-down menu and that your phone has a screen lock. Why? Without a screen lock, anyone can steal your phone and use it to sign in using the Google prompt. Your phone needs to be locked and secure too. Click on Next when ready.
Google will now run a mock simulation where you will pretend to sign in to a Google account using your login credentials. Follow the drill and enter login details.
You will now see the prompt on your phone. It will be a little different because this is a mock drill to help you learn the ropes.
No location or OS details this time. Tap on Yes to continue with the drill.
You will be notified that the Google prompt works, but there is one last step to take care of. You will have to Turn On this feature.
If you own a Google Pixel 3, you can respond to Google prompt by long-pressing the volume down button. That is because Pixel phones ship with Titan M Security chip where FIDO credentials are stored. It seems that Google has taken a leaf out of BlackBerry. Too bad they are no longer in the race. I still miss my Bold 2!
Also on Guiding Tech
3. Losing Access to Phone
So what happens when you don’t have access to your smartphone? There can be many reasons behind it like the battery died out, the phone is stolen, or your kid won’t return it to you. Well, you can’t log in to your Google account using the prompt. However, you can sign in using your password.
Just select Try another way instead option at the bottom to sign in using a password or your backup codes. In case your phone is stolen, you can rest assured that no one else can use Google prompt because there is a screen lock. That’s why it is listed as a prerequisite at the time of setup.
If you have two smartphones, you can set up a backup number to receive text or voice message that can be used to sign in instead of the prompt. You will see an option to add it right under Google prompt.
In the same screen, if you scroll a little more, you can also set up 2FA using an authenticator app of your choice, use a USB-based security key like Yubikey, and note backup codes in case of emergencies. The last one should be written on a piece of paper and stored in a secured place.
Secure the Codes
I would recommend to save your backup codes somewhere safe in case of an emergency. You can now sign in to any Google service using your Android smartphone as a security device. Being a physical device, it adds a layer of security over password and is more convenient than using 2FA codes.
Next up: Do you use a windows laptop/computer? Here are three Windows 10 apps to generate 2FA codes for other sites/apps.