Google’s Cybersecurity Efforts to Include Mobile Devices as Security Keys

The News: New cybersecurity initiatives announced by Google at Google I/O include the capability for Android and iOS mobile devices to be used as security keys. One of several security announcements, this move is designed to help thwart phishing attacks. Learn more from DARKReading here.

Google’s Cybersecurity Efforts to Include Mobile Devices as Security Keys

Analyst Take: Google’s continual efforts to address new and varied cybersecurity challenges include several new initiatives announced recently at Google I/O. On the heels of the company’s adoption of the pledge to expand support for FIDO sign-in standards, Google revealed the upcoming capability to use Android and iOS mobile devices as security keys to thwart phishing attacks.

This change will essentially turn a user’s mobile device into a physical security key (like Google’s Titan Security Key, which plugs into a USB port) by using Bluetooth to verify their proximity to the device the user wants to log into. The new cybersecurity functionality will help prevent phishing attacks in which a user is tricked into approving a fraudulent sign-in on a distant browser. Protecting against these “person in the middle” attacks has become a priority as bad actors have adapted their methods to potentially work around SMS or Google Prompt security authentication systems.

This isn’t exactly breaking new ground, as Apple has used devices in this way for quite some time now, but I’m glad to see this move from Google.

Additional Cybersecurity Measures Announced at Google I/O

Google Prompt itself will see updated cybersecurity standards, the company announced, including expanded prompt challenge types that will be triggered by potentially fraudulent login attempts. One new challenge will require a user’s mobile device to be connected to the same Wi-Fi network as the device they are trying to log into (similar to the security key function, which uses Bluetooth). Additional cybersecurity measures include continued auto-enrollment of Google account users into two-step verification — which I love, increased anti-phishing protections in Google products such as Docs, Sheets, and Slides, and new privacy and security features for Android.

I’m excited to see Google keeping the ball rolling forward on this front. Privacy is a massive hot button these days and we know for certain that while consumers highly value privacy, they also want a convenient and streamlined user experience. These measures look to offer both.

Disclosure: Futurum Research is a research and advisory firm that engages or has engaged in research, analysis, and advisory services with many technology companies, including those mentioned in this article. The author does not hold any equity positions with any company mentioned in this article.

Analysis and opinions expressed herein are specific to the analyst individually and data and other information that might have been provided for validation, not those of Futurum Research as a whole.

Other insights from Futurum Research:

New Google Cloud Organization, Global Strategic Customers and Industries, to be Led by Umesh Vemuri

Google Offices and Data Centers in the U.S. Share $9.5B in New Spending in 2022 as Google Expands Services and Pushes to Reach Carbon-Free Energy Usage Goals by 2030

Google Acquires Mandiant, Strengthening its Security Portfolio and Hoping to Snag Cloud Share

Image Credit: Google

The original version of this of this article was first published on Futurum Research.