Passwordless is the next-gen authentication that is far more secure than using a traditional username and password. Essentially, passwordless authentication uses an encrypted key on a device — your phone, for example — to log you into an account. By using this method, it is far less likely that your accounts will be hacked by malicious users. On top of that, you won’t have to bother typing lengthy passwords to log into your accounts. Instead, you simply OK the login attempt on your phone, and — voilà! — you’re in.
Passwordless authentication avoids the usual hacking methods of traditional authentication, such as brute force, credential stuffing, phishing, keylogging, and man-in-the-middle attacks.
Also: The best Android phones we’ve tested (including foldables)
Google’s Chrome browser now includes the ability for you to set your phone as the security key to safely sign into your Google account. Anyone who’s used the Google ecosystem on an Android device — and has two-factor authentication enabled — has already experienced this. Once set up, when attempting to log into the associated Google account, you receive a pop-up on your phone allowing you to verify the login attempt.
In today’s world of constant cybersecurity attacks, you should consider this a must-use.
Keep in mind that this setup only works to secure your Google account. In other words, you’re not setting up every account you sign in on the Chrome browser to use your phone as a security key. Even so, this is a big step toward passwordless authentication.
If you want to enable the added security for your Google account, keep reading.
How to set your Android phone as a security key in Chrome
What you’ll need: To make this work, you’ll need the latest version of the Chrome browser, a phone associated with your Google account, and 2FA enabled on your Google account. I’ll demonstrate this with my Pixel 8 Pro, and desktop Chrome version 120.0.6099.199 running on Ubuntu Budgie.
Also: How to use Google two-factor authentication
Do make sure you have 2FA setup before you attempt to assign your phone as the security key for your account. If you find your version of Chrome doesn’t include the feature, make sure to upgrade to the latest version. Because Chrome is so often targeted by hackers, it’s important to always run the most recently released version of the app.
The first thing to do is open Chrome. Once Chrome is open on your desktop, click the three-dot menu button in the upper-right corner of the window and click Settings. If you don’t want to go through the menu, you can always type chrome://settings in the Chrome address bar.
In the Settings tab, click Privacy and Security in the left sidebar and then click Security. Scroll to the bottom and click Manage Security Keys.
You can also create PINs for physical security keys for Chrome in the Manage security keys section. Screenshot by Jack Wallen/ZDNET
On the resulting page, click Manage Phones.
Also: 9 top mobile security threats and how you can avoid them
If you’ve already signed into Chrome on your phone, you should see it listed, which means it can be used as a security key. If you don’t see your phone listed, it means you haven’t set up your phone’s built-in security key.
I’ve signed into my Google Account on several Android devices and added them as security keys. Screenshot by Jack Wallen/ZDNET
If you haven’t set your phone up as a security key, you can do so now. Again, before you do, you must have 2FA enabled for your Google account. Once you have that taken care of, do the following (Note: this only works if you’ve not already added your phone as a security key):
- On your Android phone, Open Chrome and go to myaccount.google.com/security.
- Look for the How you sign in to Google section and tap 2-Step Verification.
- If prompted, sign into your Google account.
- Locate the Security Key entry and tap the right-pointing arrow.
- Tap Add Security Key.
- Select your Android phone and then tap Add.
Also: 5 quick tips to strengthen your Android phone security today
Once you’ve taken care of the above, your phone should then be listed in Chrome as a security key for your Google account. Now, any time you attempt to log in to your Google account from a new browser, you’ll be sent a confirmation pop-up on the phone you’ve added as a security key.
If you’re logging in, tap Yes, it’s me. Otherwise, someone else is trying to access your Google account. Screenshot by Jack Wallen/ZDNET
When prompted, tap Yes, it’s me and you’ll be allowed in. If you ever receive such a pop-up on your phone and you weren’t trying to log into your account, make sure to tap No, don’t allow to block any unwanted attempt.
