The company is taking advantage of the new security key feature in Android to allow people to use their Android phone to log in to Google services on iOS — The new feature works through Google’s Smart Lock app, which you need to have installed on your iPad or iPhone to make the Android security key feature work. You also need two-step verification enabled, and if both of those criteria are met, you will be able to hold down the volume key on your phone to sign in to your services.
“Compromised credentials are one of the most common causes of security breaches,” wrote Google software engineer Kaiyu Yan and product manager of identity and security Christiaan Brand in a blog post. “While Google automatically blocks the majority of unauthorized sign-in attempts, adding two-step verification (2SV) considerably improves account security … [and now,] you can use your Android phone to verify your sign-in on Apple iPads and iPhones.”
Back in April during its Cloud Next 2019 developer conference, Google rolled out a feature that allows Android phones running Android 7.0 Nougat and up to act as Fast Identity Online (FIDO) security keys, enabling them to protect G Suite, Cloud Identity, and Google Cloud Platform accounts across Bluetooth-enabled Chrome OS, macOS, and Windows 10 devices.
FIDO is a standard certified by the nonprofit FIDO Alliance that supports public key cryptography and multifactor authentication — specifically, the Universal authentication Framework (UAF) and Universal Second Factor (U2F) protocols. When you register a FIDO device with an online service, it creates a pair of keys: (1) an on-device and offline private key and (2) an online public key. During authentication, the device “proves possession” of the private key by prompting you to enter a PIN code or password, supply a fingerprint, or speak into a microphone. Today, security keys on Android phones can verify sign-ins on Apple iPads and iPhones.
Here’s how you can set up your devices to sign in on iOS using an Android phone’s built-in security key:
On a computer, sign in to your Google account and visit the 2-step verification page (make sure you’ve signed up for 2SV).
Click on ‘Add Security Key’ on the 2-step verification page.
Pick your Android smartphone from the list of available devices.
Turn on Bluetooth on your Android and iOS devices.
Sign in to your Google account using the Google Smart Lock app on your iPhone or iPad.
Check your Android smartphone, it’ll receive a notification.
Follow the instructions on your Android phone to confirm your login.
You’ll need an Android smartphone running Android 7.0 or above and an iOS device running iOS 10.0 or above, according to Google. The company also recommends that you register a backup hardware-based security key and keep it in a safe place. It can be used to sign in in case you lose your Android smartphone.
The new feature should be available today on all Google accounts.
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behaviour or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional
Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes.The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
