WHAT IS FIDO
Your device can now be used as a physical security key for two-factor authentication, giving you an even more secure way to log into Google apps than several other existing 2FA methods that Google provides right now. So when if you want a physical device to verify your login, you don’t have to buy a dongle — you can just use your phone.
Two-factor authentication can help prevent unauthorized logins in the event that someone gets your password, which is important when leaks and phishing attacks can put accounts at risk. Google recommends that everyone use their phone as a security key.
Not all methods of two-factor authentication are equally secure, and Google has historically offered a whole bunch: SMS verification codes (which have known weaknesses), the Google Authenticator’s rotating codes, and Google Prompt, which let your Android phone and a Google service on your computer directly communicate with each other over the internet. The new physical security key option works very similarly to Google Prompt — as you can see in the screenshots below — but now it requires your phone to be physically near your computer, thwarting those who might attempt to spoof your account from halfway around the world.
It also uses a pair of authentication protocols, FIDO double-checks that you’re on the right website and not getting phished.
