Out of the Box Solutions Blog

When Is a Phone Not a Phone? When It’s a Security Key

When Is a Phone Not a Phone? When It’s a Security Key

I’d be willing to bet that your phone is within reach at the moment, assuming you aren’t actively using it to read this blog right now. The tendency that people have to always have their phones on them has contributed to these devices becoming more deeply integrated into work processes - including security, via two-factor authentication. For this week’s tip, we’ll discuss how you can leverage an Android device as an added security measure.

For some background, it is important to understand that the Android OS now has FIDO2 certification. In essence, the FIDO (or Fast IDentity Online) Alliance has confirmed that Android meets the standards that the group has set for authentication needs.

So, What Does This Mean?

To make what could be a very lengthy conversation much shorter, it means that an Android device with Android 7.0 or higher and the latest version of Google Chrome installed can be used as a security key for your two-factor authentication needs. This also means that a device supported by FIDO2 (such as an Android device, no word on Apple supporting this yet) can leverage an onboard fingerprint scanner to confirm the identity of a user.

In other words, passwords may soon become a thing of the past.

No More Passwords?

While passwords have long been the standard form of identity authentication, they have also been shown to be somewhat simple for a determined cybercriminal to hack in one way or another. Phishing schemes and stolen databases have exposed millions of user accounts, and that’s not even counting all the times a hacker guessed that someone’s password was “letmein.”

The primary weakness of the password is the fact that it can, in fact, be shared. This is why FIDO2 is likely to become a very popular form of authentication… after all, it’s hard to share a thumbprint. FIDO2 also keeps all sensitive data - like the information read from biometrics - within the device itself, preventing it from being snagged from the Internet.

Perhaps most promising, in terms of a user’s security, FIDO2 will not allow a user to use their fingerprint on web domains and websites that are suspect (or just aren’t secure enough).

Using Your FIDO2 Android Device as a Security Key

As you would imagine, there are a few additional security-centric requirements that need to be met before you can leverage your Android device as a security key for authentication purposes. First of all, you need to have at least Android 7.0 installed, with Bluetooth turned on. In addition to this, you’ll also need the latest version of Chrome installed, and a Two-Step Verification-enabled Google account.

Once you’ve logged into your account, access Security. From there, you can activate 2-Step Verification and, you can set your smartphone to be the key required via a short process.

Using Your Phone to Authenticate Google Sign-Ins

With both Bluetooth and Location enabled on your phone, you’ll be prompted by any Google service you try to access to confirm the sign-in on your phone. By simply pressing Yes on your phone and waiting, you can sign-in to your Google account, confident that it has remained secure.

This kind of functionality is only going to appear more and more often, as more developers adopt the FIDO2 standard.

Are you looking forward to using this new authentication method? Let us know in the comments, and don’t forget to suggest any tips you think that we should cover!

The Biggest Problem with VoIP and How It Isn’t a D...
How Blockchain Will Soon Help All Companies


No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Tuesday, July 16 2019

Captcha Image

Mobile? Grab this Article!

Qr Code

Tag Cloud

Tip of the Week Security Best Practices Technology Business Computing Network Security Productivity User Tips Privacy Malware Communication Microsoft Data Efficiency Internet Tech Term Google Smartphones Hardware Mobile Device Hackers Windows 10 IT Support Innovation Ransomware Computer Email Cybersecurity Android Managed IT Services Mobile Devices Business Passwords Small Business Business Management Software Cloud Communications Users Browser Network IT Services Collaboration Applications Outsourced IT Workplace Tips Social Media Wi-Fi Information Data recovery Internet of Things Wireless Holiday Employer-Employee Relationship Hosted Solutions Smartphone VoIp Apps Cloud Computing Bandwidth Managed IT services Data Backup Backup Saving Money Managed Service Save Money Networking Value Gmail Laptop Marketing Gadgets Microsoft Office Upgrade Business Intelligence Blockchain BDR Healthcare G Suite Data Management Office Mobility RAM Computers Data Security Tech Terms Office 365 Compliance Cortana Net Neutrality Automation Connectivity Telephony Paperless Office Company Culture Artificial Intelligence Remote Monitoring and Management Facebook Processor Analytics Virtual Assistant Password Cost Management Wireless Charging Miscellaneous Access Control Voice over Internet Protocol Medical IT Virtualization Managed IT Service VPN Chrome Patch Management Remote Computing Sports National Security Edge Virus SaaS e-waste Server Excel Troubleshooting Health HP Data Protection Settings Authorization Chrome OS Safety Threat Video HIPAA Plug-In Wireless Internet Hard Drives Trends Telecommuting Vulnerabilities Tactics Windows Tip of the week Antivirus GDPR disposal Bring Your Own Device Knowledge Update Customer Service Document Management Content Filtering Telecommute Training Mobile Security Microsoft Teams IT budget Phishing Printing Hard Drive Comparison Proactive IT Help Desk SSD A.I. Physical Security Touchscreen Cryptocurrency Outlook Updates User Tip Staff Personal Information Hybrid Cloud Lead Generation Network Attached Storage Paper OneNote Security Cameras Operating System Battery Data Breach Human Resources Dongle Processors Specifications Business Continuity Movies eCommerce Workers Microsoft Office 365 Windows 7 Maintenance Employees Voice over IP Profitability Technology Tips Storage E-Commerce Cables Ink Windows Server 2008 R2 Digital Data loss Reporting Word Managing Stress Sales Employee-Employer Relationship Vulnerability Machine Learning Twitter Online Shopping Millennials Time Management Router Solid State Drive Amazon Eliminating Downtime Streaming Media Display Dark Web Payment Database Government PowerPoint Taskbar Spam Wearables Environment Tablet IT Management Electronic Health Records Spyware Conferencing Analysis Certification Inventory Unified Communications Business Technology Authentication Websites Internet Explorer Hard Disk Drive WannaCry Server Management BYOD Backup and Disaster Recovery Downloads Big Data Error instant Messaging Cybercrime Quick Tips Alert Regulation Disaster Recovery Printers Benchmarks