The move is part of Google’s Advanced Protection Program, which was designed to help protect the accounts of people who are at high risk of phishing attacks. Namely, politicians, journalists, executives, activists, bankers, or anyone with a significant online presence. That said, it’s a good idea for anyone. The main snag is, the program requires you to have physical security keys—which, until recently, were separate, standalone devices—a barrier that is just inconvenient enough to deter the average person. That’s why using your smartphone makes sense. It’s something that virtually everyone already has on them.
While Android users don’t have to do anything besides connect their phone via Bluetooth, there’s an extra step for iPhone users. Once you have two-factor authentication enabled, you have to download Google’s Smart Lock app to activate a security key. From there, you can visit the Advanced Protection Program’s site to enroll.
Isn’t regular old 2FA enough? Why bother with yet another step in accessing your accounts? Sure, enabling 2FA is better than nothing; however, 2FA codes sent via text messages or authenticator apps aren’t failproof. Physical keys aren’t as vulnerable to bad actors, as it requires anyone accessing your account to be in close proximity. Besides, taking a few minutes to add extra security to what may be your most important accounts is way less of a pain in the arse than getting hacked.