ALONG WITH SECURE PASSWORDS (or at least not using these), two-factor authentication (2FA) is a pretty effective way of making your account less susceptible to hacks. No, it's not perfect, and a determined hacker can find ways of spoofing text messages if you really have something they want, but for the average person, it's just enough to make you less of an easy mark than the next guy. And that's usually good enough.
The trouble is that 2FA is a pain. Getting a long string of numbers to type in every time you log into Gmail on a new device is a novelty that gets old fast, so Google has been looking at ways to make the experience less tedious. First, it managed to streamline it to just tapping your phone screen, and now it's made it even more straightforward: you just need to have a phone.
Okay, it's not quite that simple, but it's close. The new form of 2FA involves connecting your smartphone (Android 7 or later; no iOS allowed) to your Chrome-running computer via Bluetooth. While the process is similar to the prompt-style 2FA of before, it has one inherent advantage: it relies on your phone being local, meaning someone from the other side of the world can't try spoofing your handset.
If you have a Pixel 3, you'll even be able to use the volume button to activate your £739 security key.
There are a handful of restrictions. Firstly, you need to be using Chrome on either Windows 10, macOS or Chrome OS itself. Secondly, your computer needs to have Bluetooth - fine if you're running a laptop, but not commonplace on desktops of a certain age. Thirdly, you need an Android phone running version 7 (Nougat) or later. Finally, it only works on Google services for now.
You can give it a spin for yourself by opting in on your Google security settings. µ
It's the week in Google news
Erik Estrada wouldn't have stood for this
Hacks in support of WikiLeaks founder target gov websites