in

How to set your Android phone as a security key to lock down your Chrome browser

<!–>

Luis Alvarez/Getty Images

Passwordless is the next-gen authentication that is far more secure than using a traditional username and password. Essentially, passwordless authentication uses an encrypted key on a device – your phone, for example – to log you into an account. By using this method, it is far less likely that your accounts will be hacked by malicious users. On top of that, you won’t have to bother typing lengthy passwords to log into your accounts. Instead, you simply OK the login attempt on your phone, and – voilà! – you’re in.

Passwordless authentication avoids the usual hacking methods of traditional authentication, such as brute force, credential stuffing, phishing, keylogging, and man-in-the-middle attacks.

Also: The best Android phones we’ve tested (including foldables)

Google’s Chrome browser now includes the ability for you to set your phone as the security key to safely sign into your Google account. Anyone who’s used the Google ecosystem on an Android device – and has two-factor authentication enabled – has already experienced this. Once set up, when attempting to log into the associated Google account, you receive a pop-up on your phone allowing you to verify the login attempt.

In today’s world of constant cybersecurity attacks, you should consider this a must-use.

–>

Keep in mind that this setup only works to secure your Google account. In other words, you’re not setting up every account you sign in on the Chrome browser to use your phone as a security key. Even so, this is a big step toward passwordless authentication.

If you want to enable the added security for your Google account, keep reading.

How to set your Android phone as a security key in Chrome

What you’ll need: To make this work, you’ll need the latest version of the Chrome browser, a phone associated with your Google account, and 2FA enabled on your Google account. I’ll demonstrate this with my Pixel 8 Pro, and desktop Chrome version 120.0.6099.199 running on Ubuntu Budgie.

Also: How to use Google two-factor authentication

Do make sure you have 2FA setup before you attempt to assign your phone as the security key for your account. If you find your version of Chrome doesn’t include the feature, make sure to upgrade to the latest version. Because Chrome is so often targeted by hackers, it’s important to always run the most recently released version of the app.

The first thing to do is open Chrome. Once Chrome is open on your desktop, click the three-dot menu button in the upper-right corner of the window and click Settings. If you don’t want to go through the menu, you can always type chrome://settings in the Chrome address bar.

<!–>

–> <!–>

–> <!–>

In the Settings tab, click Privacy and Security in the left sidebar and then click Security. Scroll to the bottom and click Manage Security Keys.

–>

<!–> The Manage security keys entry.

–>

You can also create PINs for physical security keys for Chrome in the Manage security keys section.

Screenshot by Jack Wallen/ZDNET

On the resulting page, click Manage Phones.

<!–>

–> <!–>

Also: 9 top mobile security threats and how you can avoid them

–> <!–>

If you’ve already signed into Chrome on your phone, you should see it listed, which means it can be used as a security key. If you don’t see your phone listed, it means you haven’t set up your phone’s built-in security key. 

–>

<!–> A listing of associated devices for Google security keys.

–>

I’ve signed into my Google Account on several Android devices and added them as security keys.

Screenshot by Jack Wallen/ZDNET