Alltech IT Solutions Blog

When Is a Phone Not a Phone? When It’s a Security Key

When Is a Phone Not a Phone? When It’s a Security Key

I’d be willing to bet that your phone is within reach at the moment, assuming you aren’t actively using it to read this blog right now. The tendency that people have to always have their phones on them has contributed to these devices becoming more deeply integrated into work processes - including security, via two-factor authentication. For this week’s tip, we’ll discuss how you can leverage an Android device as an added security measure.

For some background, it is important to understand that the Android OS now has FIDO2 certification. In essence, the FIDO (or Fast IDentity Online) Alliance has confirmed that Android meets the standards that the group has set for authentication needs.

So, What Does This Mean?

To make what could be a very lengthy conversation much shorter, it means that an Android device with Android 7.0 or higher and the latest version of Google Chrome installed can be used as a security key for your two-factor authentication needs. This also means that a device supported by FIDO2 (such as an Android device, no word on Apple supporting this yet) can leverage an onboard fingerprint scanner to confirm the identity of a user.

In other words, passwords may soon become a thing of the past.

No More Passwords?

While passwords have long been the standard form of identity authentication, they have also been shown to be somewhat simple for a determined cybercriminal to hack in one way or another. Phishing schemes and stolen databases have exposed millions of user accounts, and that’s not even counting all the times a hacker guessed that someone’s password was “letmein.”

The primary weakness of the password is the fact that it can, in fact, be shared. This is why FIDO2 is likely to become a very popular form of authentication… after all, it’s hard to share a thumbprint. FIDO2 also keeps all sensitive data - like the information read from biometrics - within the device itself, preventing it from being snagged from the Internet.

Perhaps most promising, in terms of a user’s security, FIDO2 will not allow a user to use their fingerprint on web domains and websites that are suspect (or just aren’t secure enough).

Using Your FIDO2 Android Device as a Security Key

As you would imagine, there are a few additional security-centric requirements that need to be met before you can leverage your Android device as a security key for authentication purposes. First of all, you need to have at least Android 7.0 installed, with Bluetooth turned on. In addition to this, you’ll also need the latest version of Chrome installed, and a Two-Step Verification-enabled Google account.

Once you’ve logged into your account, access Security. From there, you can activate 2-Step Verification and, you can set your smartphone to be the key required via a short process.

Using Your Phone to Authenticate Google Sign-Ins

With both Bluetooth and Location enabled on your phone, you’ll be prompted by any Google service you try to access to confirm the sign-in on your phone. By simply pressing Yes on your phone and waiting, you can sign-in to your Google account, confident that it has remained secure.

This kind of functionality is only going to appear more and more often, as more developers adopt the FIDO2 standard.

Are you looking forward to using this new authentication method? Let us know in the comments, and don’t forget to suggest any tips you think that we should cover!

The Biggest Problem with VoIP and How It Isn’t a D...
How Blockchain Will Soon Help All Companies
 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Tuesday, June 25 2019

Captcha Image

Mobile? Grab this Article!

QR-Code dieser Seite

Tag Cloud

WannaCry Mobile Security Inventory Vulnerability Payment Collaboration Hard Drives Bring Your Own Device Storage Cabling Information Wireless Charging Automobile Workplace Tips Outlook Health News OneNote CrashOverride Managed Service How To BDR Spam Windows XP Staffing Managed Service Provider Hard Drive Remote Support Certification Money Settings App Gmail Information Technology Facebook Cryptocurrency Spam Blocking Websites Processors Business Computing Net Neutrality Mobile Device Efficiency SSD Software User Tips Small Business Budget Computer Patch Management Current Events Staff Alert Scalability Big Data Word IT Support Marketing IT Services Chrome OS Managed IT Services Licensing Employees Tip of the Week GDPR Mobile Device Management Autocorrect Business Management Taskbar Two-factor Authentication Lead Generation Social Media Telephone Systems Personal Information Applications Botnet Reporting Maintenance Artificial Intelligence Connectivity Users Emoji Cloud Value Malware Work/Life Balance Bandwidth Productivity Smartphones Tip of the week Law Enforcement E-Commerce Eliminating Downtime Backup The Internet of Things PowerPoint Outsourced IT Network Security Remote Monitoring Video Troubleshooting Microsoft Saving Money Cables Miscellaneous Productivity Office 365 Streaming Media Biometrics Server Management Employee-Employer Relationship Regulation DDoS Printer Server Webcam Google Wireless Internet Search Data Management Router eWaste Communication Authentication Travel Managed IT Service Google Maps Remote Monitoring and Management Authorization Politics Remote Control e-waste Privacy Freedom of Information Innovation Tech Term Password Ransomware Cybersecurity Update Spyware Human Resources Networking Hardware Chrome VoIP Vendor Management Specifications Tactics Copy Employer Employee Relationship Unified Threat Management Paper Voice over Internet Protocol Internet of Things Conferencing Downloads Healthcare User Security Microsoft Teams Worker Remote Computing VPN HP Vulnerabilities SaaS Communications Gadget Printers Email Managing Stress Hiring/Firing Disaster Recovery Avoiding Downtime Encryption Retail Dark Data Smart Technology Backup and Disaster Recovery Managed IT Android Gadgets Server Time Management Threat Blockchain Website Solid State Drive Cybercrime Trends Browser iPhone Document Management Email Management IT Support Paperless Office Data Security HIPAA Thank You Edge Updates Tech Terms Gaming Console RAM Millennials Files Safety Twitter Printer Instagram Office Tips Data Managed IT Services Cloud Computing Data Recovery Data Breach National Security Antivirus Hosted Solution Access Control Live Streaming Physical Security Alerts Samsung Education Internet Explorer Voice over IP Electronic Health Records Computers HaaS Windows 10 Spotify Office Paste Security Cameras Workers Data Backup Analysis User Tip Hacker Employer-Employee Relationship Telephone System Business Continuity Touchscreen Emergency G Suite Data loss Upgrade Amazon Microsoft Office Yahoo Congratulations Laptop Synergy Cost Management Machine Learning Environment Unified Communications Phishing Telecommute Wireless Wi-Fi Sales Virtual Assistant Passwords Business Technology WiFi Recovery Online Shopping Windows 10 Hosted Solutions Best Practices Digital Medical IT Quick Tips Hacking Dongle A.I. Mobile Devices Error Apple Training Holiday Leadership Analytics Video Games Virus Automation WhatsApp Telecommuting Shortcut Plug-In Virtualization instant Messaging Windows Hybrid Cloud Movies Government Compliance Television Telephony Profitability Customer Service Google Drive Internet eCommerce Ink Scheduling Proactive IT Wearables Business Intelligence Content Filtering Data Protection IT Management IT budget Entertainment Sports Comparison Scam Cleaning Excel Tablet Microsoft Office 365 Company Culture Battery Computer Care IaaS Multi-Factor Security Technology Mobility Network Attached Storage Hackers Network Knowledge Dark Web Smartphone Cortana Technology Tips disposal Windows 7 VoIp Phone System Credit Cards BYOD Access Apps Hard Disk Drive Database Help Desk Printing Save Money Security Windows Server 2008 R2 File Sharing Business Operating System Tech Support