Android phones can be security keys now

Security keys are an effective way to keep your accounts secure from hackers, but they suffer from a major challenge: They're inconvenient. Not a lot of people want to buy and carry an extra key or Bluetooth fob just for logging in -- which is why most two-factor authentication is done through text messages, even though it's less secure. Up to 90% of Gmail users don't even use 2FA, a Google software engineer revealed in 2018. Convenience is a big hurdle, and Google is hoping to solve that by making your phone the security key. It'll have the same functionalities as a physical security key but won't require you to carry an extra device to keep your accounts safe. That means that like a security key, your phone will warn you if an imposter website is trying to steal your password. Unlike using SMS or authenticator codes for logging in, security keys have to verify that the website you're logging in on is legitimate. The updated security feature is coming only to Android devices versions 7 and up, which account for about 50% of all active users, according to Google's distribution board. For now, it's working only on Google's Chrome browser and with Google accounts, but the company expects to expand availability.