This article was published on June 13, 2019

PSA: Your Android phone is now a security key for signing in to Google on iOS


PSA: Your Android phone is now a security key for signing in to Google on iOS Image by: Google

Google has announced that it’s now possible to log into your Google accounts from your iPhones and iPads using your Android phone as a hardware authentication key.

The development comes almost more than a month after the internet giant made it easy for Google users to sign in to their accounts on their laptops or PCs using their Android smartphones as hardware security keys.

This passwordless authentication method was initially available only for ChromeOS, macOS, and Windows 10 devices. With the latest announcement, Google has expanded the technology to include devices running iOS as well.

But there is also a key difference between signing in iOS and other devices. On desktops and laptops, the Chrome browser is used as the middleman to communicate with the Android phone’s built-in security key over Bluetooth using FIDO’s Client to Authenticator Protocol (CTAP2).

Since iOS doesn’t have an actual Chrome browser — the iOS app for Chrome is based on Apple’s WebKit rendering engine — you will have to install Google’s Smart Lock app in its place.

Credit: Google

It’s worth noting that in order to leverage the security key feature, you also need to turn on two-factor authentication (2FA) and your Android smartphone must be running Android 7.0 (Nougat) or a newer version.

Otherwise, the way it works is still the same. To use it, you will have to turn on Bluetooth on both your iOS and Android devices. This ensures that the Android smartphone can detect and authorize any login attempts for Google accounts triggered from your iPhone.

So, when you are attempting to sign in, you’ll get a prompt on your Android phone to authenticate it. Tap ‘Yes’ there, and it relays the affirmation back to the iOS device, and allows the login to proceed.

While Bluetooth-based authentication has proven to be less than ideal, it’s still a much secure option than completely turning off 2FA for your Google account. The other alternative is to use an authenticator app.

The move to enable passwordless authentication to your Google accounts comes weeks after Apple announced its own single sign-on feature called “Sign in with Apple” that allows any registered Apple ID user to sign in to third party websites without having to share any personal information, or create a website-specific password.

With major tech giants like Apple, Google, and Microsoft working towards better authentication solutions, it’s probably safe to say passwords might soon become a thing of the past.

Get the TNW newsletter

Get the most important tech news in your inbox each week.

Also tagged with