Starting this week, Android phones can be used to verify sign-ins on Apple iPads and iPhones, Google announced.
The capability is enabled by the recently introduced 2-Step Verification (2SV) method that allows users to protect accounts with a security key built into their Android phones.
Previously, the technology could be used to verify sign-ins to Google and Google Cloud services on Bluetooth-enabled devices running Chrome OS, macOS, and Windows 10, and can now be used to verify sign-ins on Apple iPads and iPhones as well.
Google’s solution relies on FIDO security keys, which provide strong protection against automated bots, bulk phishing, and targeted attacks. The technology relies on public key cryptography to verify the user’s identity and URL of the login page, meaning that the attackers are denied access to the account even if they have the username and password at hand.
While leveraging the Chrome browser on Chrome OS, macOS, and Windows 10 devices to communicate with Android phone’s built-in security key over Bluetooth using FIDO’s CTAP2 protocol, Google’s solution relies on the Smart Lock app for that on iOS devices.
“Until now, there were limited options for using FIDO2 security keys on iOS devices. Now, you can get the strongest 2SV method with the convenience of an Android phone that’s always in your pocket at no additional cost,” the Internet search giant notes.
To get started, users first need to add the security key to their Google Account. For that, they should set up a personal or work Google Account on a phone running Android 7 or newer platform version, enroll in 2-Step Verification (2SV), visit the 2SV settings on a computer and select “Add security key”, and then select the Android phone from the list of available devices.
To start using the Android phone’s built-in security key with an iPhone or iPad (iOS version 10.0 or up), Bluetooth needs to be enabled on both devices. Users then need to sign in to their Google Account with a username and password using the Google Smart Lock app, check the Android phone for a notification, and then follow the instructions to confirm the sign in.
“Within enterprise organizations, admins can require the use of security keys for their users in G Suite and Google Cloud Platform (GCP), letting them choose between using a physical security key, an Android phone, or both,” the Internet company explains.
Google recommends the registration of a backup hardware security key (from Google or a number of other vendors) for any account, as well as to keep it in a safe place, to ensure that access to the account is possible even if the Android phone is lost.
The search giant has also published detailed instructions on how one can use the Android phone’s built-in security key.
Related: Google Unveils New Encryption Features for Android Developers
Related: Support for FIDO2 Passwordless Authentication Added to Android
More from Ionut Arghire
- Dozens of Malicious Extensions Found in Chrome Web Store
- Microsoft Makes SMB Signing Default Requirement in Windows 11 to Boost Security
- Zyxel Urges Customers to Patch Firewalls Against Exploited Vulnerabilities
- Gigabyte Rolls Out BIOS Updates to Remove Backdoor From Motherboards
- Information of 2.5M People Stolen in Ransomware Attack at Massachusetts Health Insurer
- US, South Korea Detail North Korea’s Social Engineering Techniques
- High-Severity Vulnerabilities Patched in Splunk Enterprise
- Enzo Biochem Ransomware Attack Exposes Information of 2.5M Individuals
Latest News
- Dozens of Malicious Extensions Found in Chrome Web Store
- What if the Current AI Hype Is a Dead End?
- Microsoft Makes SMB Signing Default Requirement in Windows 11 to Boost Security
- Zyxel Urges Customers to Patch Firewalls Against Exploited Vulnerabilities
- Gigabyte Rolls Out BIOS Updates to Remove Backdoor From Motherboards
- SBOMs – Software Supply Chain Security’s Future or Fantasy?
- Ransomware Group Used MOVEit Exploit to Steal Data From Dozens of Organizations
- Cybersecurity M&A Roundup: 36 Deals Announced in May 2023
