A couple of months back, Google introduced 2SV (2-Step Verification) method to protect users against phishing with the help of a security key built-in to Android devices that enables users to protect their accounts better. Until now, the technology allowed users to verify their sign-in to Google and Google Cloud services on Bluetooth-enabled Chrome OS, macOS, and Windows 10 devices. But starting today, users can use their Android phone to verify their sign-in on Apple iPads and iPhones.
To give you a background, the FIDO (Fast ID Online) security keys provide protection against automated bots, bulk phishing, and targeted attacks by leveraging the public key cryptography to verify a user’s identity and the URL of the login page. By doing so, it prevents attackers from accessing users’ account, even if they have tricked the users into providing their username and password.
On devices based on Chrome OS, macOS, and Windows 10, Google leverages the Chrome browser to communicate with the built-in security key of a user’s Android device, over Bluetooth, using the CTAP2 protocol from FIDO. Whereas, on iOS devices, it uses Google’s Smart Lock app instead of the Chrome browser.
Here are the steps to set up your device to sign-in on iOS (using an Android phone’s built-in security key):
Add the security key to your Google Account
- The first thing you need to do is sign-in to your Google account and make sure that ‘2-Step Verification’ is turned on.
- Now, on your Android device, you need to visit myaccount.google.com/security and under ‘Signing in to Google’ and select 2-Step Verification.
- Scroll down until you find ‘Set up an alternative second step’ and select ‘Add Security Key’ > ‘your Android phone’ > ‘Turn on’.
Use your Android phone’s built-in security key
- Make sure Bluetooth is turned on on your computer.
- Sign in to your Google Account on your iOS device using the Google Smart Lock app.
- On the next screen, check your Android phone for notification and double-tap the “Are you trying to sign in?” notification and follow the instructions to confirm.
According to Google, you need to be on an Android smartphone running Android 7.0 or above and an iOS device running iOS 10.0 or above, to be able to use this feature. Further, Google also recommends you to register a backup hardware security key (from Google or other vendors) for your account, which can come in handy to gain access to your account if you lose your Android phone.