In April, Google announced that consumers could start using their Android phones as physical security keys for two-factor authentication. The new option enables users to require login verification using a physical device, but eliminates the need to use a separate dongle. In an update about the feature today, Google revealed that Android phones can now be used as physical security keys for iOS devices, too.
Security breaches have become increasingly common and login credentials are often compromised as a result. Anyone with the right login information can sign into an account, but two-factor authentication (2FA) offers a pretty solid solution. In its most common form, 2FA will only let someone log into an account after they enter a code sent to the phone number on their account.
Though it’s not terribly common, it is possible for hackers to gain access to an account by intercepting that code. That’s where physical security keys come in — users can only access the account if they have the dongle in their possession, something far more difficult to obtain.
The obvious downside is that you must have the dongle on your person when you attempt to log into the account, a problem if you happened to leave it at home or lost it. Consumers are far more likely to keep track of and be in possession of their smartphone, however, making it the ideal physical security key.
The Android phone built-in security key support was previously released for Windows 10 devices, macOS, and Chrome OS; it relied on Chrome browser to communicate with the user’s phone via Bluetooth. For the newly added iOS support, the security option uses the Google Smart Lock app.
The phone must be running Android 7 or later, the user’s Google Account must be added to the phone, and the phone must be added as a security key under the Google Account’s 2SV settings. Full instructions on security up an Android phone security key for iOS can be found here.