Android phones can now be security keys for iOS devices
In April, Google announced that it was making secure access keys available on its Android phones. These software-based keys use the FIDO2 standard, which is a community attempt by several industry players to make secure logins easier.
Instead of having to remember a password when logging into a website, you can use a digital key stored on a piece of suitable hardware. Google and other vendors offer small hardware dongles that connect either via a computer’s USB port, or via Bluetooth. Your browser reads the digital key from the device and sends it to the website to prove that you’re legit.
Letting users store this digital key on their Android phones turns the phone into a secure access device: you must be in physical control of your phone to authenticate to a site on your computer. Using the Bluetooth connection in their phones, users can authenticate themselves when logging into Google services.
These phone-based keys also stop phishers from mounting man-in-the-middle attacks. The phone stores the key against the URL of the website it’s trying to access so it isn’t available to the wrong (phishy) URL.
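The URL binding described above, modelled in Node.js as an added example (not code from Google or from the FIDO2 specification). The `PhoneKey` class, the sample origins and the message layout are assumptions made for illustration; the model signs a fresh challenge with the per-site key, as FIDO2 authenticators do.

```javascript
// Simplified model of origin-bound keys (not the real CTAP2/WebAuthn wire format).
const crypto = require('crypto');

// Hypothetical phone authenticator: one key pair per site, indexed by the site's host name.
class PhoneKey {
  constructor() { this.keys = new Map(); }

  // Registration: create a key pair for this origin and hand back only the public half.
  register(origin) {
    const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
    this.keys.set(new URL(origin).hostname, privateKey);
    return publicKey;
  }

  // Login: the browser reports the origin it is actually on; the lookup uses that host.
  assert(origin, challenge) {
    const privateKey = this.keys.get(new URL(origin).hostname);
    if (!privateKey) return null; // no key stored for this host
    const clientData = JSON.stringify({ origin, challenge });
    const signature = crypto.sign('sha256', Buffer.from(clientData), privateKey);
    return { clientData, signature };
  }
}

// Site-side check: the signature must verify and the signed origin and challenge must match.
function verifyLogin(publicKey, expectedOrigin, challenge, assertion) {
  if (!assertion) return false;
  const { origin, challenge: signedChallenge } = JSON.parse(assertion.clientData);
  return origin === expectedOrigin && signedChallenge === challenge &&
    crypto.verify('sha256', Buffer.from(assertion.clientData), publicKey, assertion.signature);
}

// Constructed sample origins: the real site and a look-alike host.
const REAL = 'https://accounts.example.com';
const LOOKALIKE = 'https://accounts.example.com.login-check.test';

function demo() {
  const phone = new PhoneKey();
  const publicKey = phone.register(REAL);
  const challenge = crypto.randomBytes(16).toString('hex');
  return {
    genuine: verifyLogin(publicKey, REAL, challenge, phone.assert(REAL, challenge)),
    lookalike: verifyLogin(publicKey, REAL, challenge, phone.assert(LOOKALIKE, challenge)),
  };
}

console.log(demo()); // { genuine: true, lookalike: false }
```

The look-alike host gets no response from the phone at all, so there is nothing for an intermediary to relay to the real site.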