To give you a background, the FIDO (Fast ID Online) security keys provide protection against automated bots, bulk phishing, and targeted attacks by leveraging the public key cryptography to verify a user’s identity and the URL of the login page. By doing so, it prevents attackers from accessing users’ account, even if they have tricked the users into providing their username and password. On devices based on Chrome OS, macOS, and Windows 10, Google leverages the Chrome browser to communicate with the built-in security key of a user’s Android device, over Bluetooth, using the CTAP2 protocol from FIDO. Whereas, on iOS devices, it uses Google’s Smart Lock app instead of the Chrome browser. Here are the steps to set up your device to sign-in on iOS (using an Android phone’s built-in security key):
Add the security key to your Google Account
Use your Android phone’s built-in security key
According to Google, you need to be on an Android smartphone running Android 7.0 or above and an iOS device running iOS 10.0 or above, to be able to use this feature. Further, Google also recommends you to register a backup hardware security key (from Google or other vendors) for your account, which can come in handy to gain access to your account if you lose your Android phone.