How to use Android or iPhone as a physical security key for Two Factor Authentication

Updated on February 17, 2020

In today’s world of ever-improving tech, there’s also an ever-increasing threat to your online security. No matter how conscious and careful you are about your data online, there’s always a chance that hackers can fool you into giving up crucial info like OTPs or passwords using a well-crafted phishing site.


For the uninitiated, phishing is a method used by hackers where they create a webpage very similar to the legitimate one you meant to visit, so that you enter your secure credentials into it. That data goes directly into the hands of the hacker, and your information is no longer safe.

There are many ways to tackle phishing attacks or plain password theft. One of the most secure is Two Factor Authentication. It can be done in many ways, but the basic working of two-factor authentication is the same across all methods.

The two phases of authentication are:

  • One, the actual password entry.
  • Two, the identity confirmation.

The latter can be done in multiple ways and this is where innovation comes in to find better, more secure ways to confirm that the person initiating a login is the one that should be doing it.

Google takes extensive care with their 2-FA and they have a number of ways of doing this.

Google's different ways of Two Factor Authentication

Of these, arguably the coolest and most secure is the requirement of a physical security key. Google supports its own as well as third-party physical security keys, which need to be plugged into the computer for the second layer of authentication. Lately, Google has extended this feature: you can now also use your Android (7.0 or above) or iPhone (iOS 10.0 or above) as a proximity-enabled physical security key, so you do not have to shell out extra money for USB keys.


This is very different from the phone showing a One-Tap authentication screen.

For this method to work, the phone has to be connected to the PC via Bluetooth for successful authentication, which makes it a whole level more secure. Both devices must therefore have Bluetooth.

This is very handy for content creators and people that have to travel a lot and need to log into numerous devices on a daily basis.

How to set up your mobile phone as a physical security key for Two Factor Authentication?


  • Both the devices that are being used for the login and authentication need to have Bluetooth.
  • Android version 7.0+ or iOS version 10.0+
  • For iPhones and iPads, you need the Google Smart Lock app from iTunes.
  • Enable 2-Step Verification in your Gmail account.

Step 1: On the phone you want to use as the key, log in to your Gmail account and visit here.

Step 2: In the “Signing in to Google” tab, open 2-step verification.


Step 3: Under the list of available Alternative Security methods, tap Add Security Key and select the phone you are using and tap Add.


Step 4: You might also have to tap “Yes” in a notification asking if you’ve signed in on Android, or in a similar prompt from the Smart Lock app on your iPhone.

Step 5: This should set up your phone as the new physical security key for your Gmail account.

How to use the feature?

Before attempting to sign in, make sure both devices are within Bluetooth range and that Bluetooth is turned on on both. Once the notification appears on your phone, follow the instructions to confirm your sign-in.
