Google Allows iPhones To Be Used As 2FA Physical Security Key

Google has updated its Smart Lock app for iOS devices, which means that modern iPhones can now be used as a physical security key for Google apps such as Gmail, Drive etc.

As most people know, two-factor authentication (2FA) is commonly used to secure online accounts nowadays, beyond the usual username and password.

Typically this works by sending a code via SMS (or email) to a phone or computer. But the problem is that the code can be intercepted.

Hardware key

A new more secure solution is therefore to plug in a phone or computer which acts as a physical security key.

And now modern iPhones can be turned into a physical security key for the Google ecosystem, 9to5 Google reported.

This means the iPhone can be physically near (within Bluetooth range) of the device that wants to log in to Google apps. The login prompt is no longer sent via the internet, making it more resistant to interception.

According to 9to5 Google, this is possible thanks to the Google Smart Lock app being able to utilise the Secure Enclave found on Apple’s A-Series chips. These chips store Touch ID, Face ID, and other cryptographic data, and was first introduced on the iPhone 5s.

So the way this all works is that anytime a user enters a Google account username and password, they’ll be prompted to open Smart Lock on their nearby iPhone to confirm a sign-in.

There’s also apparently the option to cancel with “No, it’s not me.”

It should be noted that this only works when signing-in to Google with the Chrome browser, while Bluetooth on both the desktop computer and phone needs to be enabled as the devices are locally communicating the confirmation request and verification.

More secure

Google’s approach has been welcomed by ESET’s cybersecurity specialist Jake Moore.

“Two-factor authentication is more of a necessity than ever, but the toughest hurdle is encouraging users to set it up,” said Moore. “Without it being built into accounts by default, 2FA only gains significant uptake when it is handed to users on a plate, and is easy to implement.”

“People are just about coming round to understanding SMS 2FA as a rule, but what Google are offering is even more secure to account holders, and offers stronger protection and security,” said Moore.

“Hardware security keys are an excellent way of easily adding an extra layer of security without being delayed when accessing your accounts,” said Moore. “One drawback, however, is the fact that the set-up process might still be a barrier for less tech savvy users.”

Do you know all about security? Try our quiz

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

Intel Celebrates As EU Court Strikes Down 2009 Antitrust Fine

Twelve year legal battle sees EU court grant Intel's appeal against $1.2 billion EU antitrust…

10 hours ago

US Commerce Dept Warns Of Severe Chip Shortages

Some manufacturers have less than 5 days supply of computer chips, putting US manufacturing at…

11 hours ago

The Future of Consumer Tech in Business

As consumer and business technologies continue to merge, and as businesses transform into post-pandemic enterprises,…

11 hours ago

IMF Urges El Salvador To Drop Bitcoin As Legal Tender

South American country El Salvador urged to reconsider its decision to adopt Bitcoin as legal…

14 hours ago

Google Sued For ‘Deceptive’ Location Tracking Practices

Four attorneys general in the US are suing Google for allegedly misleading users about when…

16 hours ago