Last month, the search and mobile giant said it developed a new Bluetooth-based protocol that will allow modern Android 7.0 devices and later to act as a security key for two-factor authentication. Since then, Google said 100,000 users are already using their Android phones as a security key.
Since its debut, the technology was limited to Chrome sign-ins. Now Google says Apple device owners can get the same protections without having to plug anything in.
Security keys are an important security step for users who are particularly at risk of advanced attacks. They’re designed to thwart even the smartest and most resourceful attackers, like nation-state hackers. Instead of a security key that you keep on your key ring, newer Android devices have the technology built-in. When you log in to your account, you are prompted to authenticate with your key. Even if someone steals your password, they can’t log in without your authenticating device. Even phishing pages won’t work because only legitimate websites support security keys.
For the most part, security keys are a last line of defense. Google admitted last month that its standalone Titan security keys were vulnerable to a pairing bug, potentially putting it at risk of hijack. The company offered a free replacement for any affected device.
The security key technology is also FIDO2 compliant, a secure and flexible standard that allows various devices running different operating systems to communicate with each other for authentication.
For the Android security key to work, iPhone and iPad users need the Google Smart Lock app installed. For now, Google said the Android security key will be limited to sign-ins to Google accounts only.