Security keys are one of the best ways to protect your account from hackers, but the inconvenience and widespread adoption process is always a big obstacle. Google hopes to address that by allowing Android 7.0 or later devices to act as security keys. Although this feature has been operational and compatible with more than half of all Android users, only about 100,000 people use it in the first month.
This feature is really different from 2-layer authentication for Gmail, which only about 10% of users use.
In fact, security lock is very beneficial. Even if hackers get your password and log in, unless they also steal the physical key, your account will still be safe. In addition, if you enter your login information on phishing sites, the security key will help you identify it and warn you about these sites.
When Google first announced Android phones could become security keys, it noted that it only works with Chrome browsers and Google accounts. Now they extend this feature to other devices. Currently, Google's security locker can work on MacOS using the Chrome browser. But for iOS devices, Google requires users to use Smart Lock application instead.
Android and iOS devices that you use to log in will communicate with each other via Bluetooth thanks to the FIDO authentication standard.
Using an Android device as a security key adds another layer of security to iOS devices, similar to when Apple announced adding privacy protection features when logging in at the recent WWDC event. Sign-In with Apple allows users to log in to other services without providing a primary email address, password and fully working with biometric security tools such as Face ID and Touch ID.
Like security keys, biometric authentication provides an additional layer of protection, but maybe a bit safer because it is difficult for hackers to steal your fingerprints or identify your face.