Google is expanding its new Android-based two-factor authentication (2fa) to people logging in to Google and Google Cloud services on iPhones and iPads. While Google deserves props for trying to make stronger authentication available to more users, I’ll be avoiding it in favor of 2fa methods Google has had in place for years. I’ll explain why later. First, here’s some background.
Google first announced Android’s built-in security key in April, when it went into beta, and again in May, when it became generally available. The idea is to make devices running Android 7 and up users’ primary 2fa device. When someone enters a valid password into a Google account, the phone displays a message alerting the account owner. Users then tap a “yes” button if the login is legitimate. If it’s an unauthorized attempt, the user can block the login from going through.