Google Allows iPhones To Be Used As 2FA Physical Security Key

Google has updated its Smart Lock app for iOS devices, which means that modern iPhones can now be used as a physical security key for Google apps such as Gmail, Drive etc.

As most people know, two-factor authentication (2FA) is commonly used to secure online accounts nowadays, beyond the usual username and password.

Typically this works by sending a code via SMS (or email) to a phone or computer. But the problem is that the code can be intercepted.

Hardware key

A new more secure solution is therefore to plug in a phone or computer which acts as a physical security key.

And now modern iPhones can be turned into a physical security key for the Google ecosystem, 9to5 Google reported.

This means the iPhone can be physically near (within Bluetooth range) of the device that wants to log in to Google apps. The login prompt is no longer sent via the internet, making it more resistant to interception.

According to 9to5 Google, this is possible thanks to the Google Smart Lock app being able to utilise the Secure Enclave found on Apple’s A-Series chips. These chips store Touch ID, Face ID, and other cryptographic data, and was first introduced on the iPhone 5s.

So the way this all works is that anytime a user enters a Google account username and password, they’ll be prompted to open Smart Lock on their nearby iPhone to confirm a sign-in.

There’s also apparently the option to cancel with “No, it’s not me.”

It should be noted that this only works when signing-in to Google with the Chrome browser, while Bluetooth on both the desktop computer and phone needs to be enabled as the devices are locally communicating the confirmation request and verification.

More secure

Google’s approach has been welcomed by ESET’s cybersecurity specialist Jake Moore.

“Two-factor authentication is more of a necessity than ever, but the toughest hurdle is encouraging users to set it up,” said Moore. “Without it being built into accounts by default, 2FA only gains significant uptake when it is handed to users on a plate, and is easy to implement.”

“People are just about coming round to understanding SMS 2FA as a rule, but what Google are offering is even more secure to account holders, and offers stronger protection and security,” said Moore.

“Hardware security keys are an excellent way of easily adding an extra layer of security without being delayed when accessing your accounts,” said Moore. “One drawback, however, is the fact that the set-up process might still be a barrier for less tech savvy users.”

Do you know all about security? Try our quiz