Google has rolled out an update to its two-factor physical security keys to protect Google accounts, making it easier to enroll keys on Android and macOS devices.
Google users can register security keys on Android devices running Android 7.0 “N” and newer using Chrome version 70 and higher. Keys can also be registered on macOS devices using Safari version 13.0.4 and newer.
The move removes more barriers for users who adopt two-factor authentication (2FA) to protect Google accounts from phishing attacks, especially personalized phishing attempts by state-sponsored attackers. This is a solid obstacle to phishing because logging in requires physical access to the security key, which can be either a smartphone or a USB security key like the Titan Keys from Google or the hardware security keys from Yubico.
A Google engineer in 2018 found that fewer than 10% of Gmail accounts use 2FA due to usability issues. Even among developer populations, who should be more knowledgeable about security and about using tools like 2FA, adoption is just as low.
Google does not want to force general users to adopt 2FA because it is afraid of driving them away. Mozilla, the maker of Firefox, has, however, required since January that all developers of Firefox browser extensions enable 2FA, to reduce the risk of extensions being hijacked following attacks on developer accounts.
Google’s recent efforts to boost adoption and reduce friction include the ability for iPhone owners to use the device as a security key for Google accounts.
The Chrome-on-Android and Safari-on-macOS update for Google account security keys also applies to Google’s Advanced Protection Program for high-risk users such as executives, politicians and journalists.
“By making it easier to save security keys, we hope more users can take advantage of the protection they offer,” said Google in the latest update.