Google is going to make you use 2FA whether you like it or not. The company is already auto-enabling its custom 2FA system (called 2-Step Verification or 2SV) for compatible Google accounts, and soon, it will use the Android Chrome app to bring more users into the world of 2FA/2SV while increasing the protocol’s security.
If Google asks you to unlock your phone when trying to log into Gmail or YouTube on a computer, then you’ve already encountered the company’s 2FA/2SA system. This process verifies that you (and not some stranger from halfway across the globe) are actively trying to log into your account. It also gives you the power to shut down dubious login attempts before they happen.
So where does Chrome come into this? Well, Google usually directs the 2FA/2SA system through your phone’s Play Services software. Doing so allows Google to tap into your phone’s GPS, verifying that you’re near whatever device is logging into your Google account. But it’s pretty easy to spoof a device’s location. And although Google offers a more strict version of 2FA/2SA that utilizes verify your proximity with a device using Bluetooth, you need to enable it manually.
Using the Chrome Android app allows Google to increase 2FA/2SA security (and expand usability) by leveraging caBLE (cloud-assisted Bluetooth Low Energy). While this system isn’t as secure as a real-world USB security key, it allows Google to check that you’re near a device that’s trying to sign in to your account with more accuracy than GPS alone.
This new Chrome feature isn’t fully rolled out yet, and 9to5Google could only access it through the Chrome 93 beta on Android. Google says that you must have Chrome Sync enabled on your account to use Chrome as a security key, and that this feature won’t work on iOS just yet (though it works on Mac).
If you have the Chrome 93 beta on Android, you can check for this feature by typing chrome://flags/#enable-web-authentication-cable-v2-support into your address bar.