Developers from Google have introduced a new method of two-factor authentication, which involves using an Android smartphone as a physical security key.
Many have already encountered two-factor authentication, which involves not only the introduction of a standard password, but also the use of some second tool for passing identity verification. For example, after entering a user password, some services send an SMS message containing a generated code that allows you to pass authorization. There is also an alternative method of implementing two-factor authentication, when a physical hardware key like YubiKey is used, for activation of which it is necessary to connect it to a PC.
Developers from Google suggest using a custom Android smartphone as such a hardware key. Instead of sending a notification to the device, the website will try to access the smartphone via Bluetooth. It is noteworthy that to use this method, you do not need to physically connect the smartphone to the computer, since the range of Bluetooth is quite large. At the same time, it is extremely unlikely that an attacker will be able to gain access to a smartphone while being within the range of a Bluetooth connection.
At the moment, only some Google services, including Gmail and G-Suite, support the new authentication method. To work correctly, you need a smartphone running Android 7.0 Nougat or later.
Source: 3dnews.ru