Google Allows iPhones To Be Used As 2FA Physical Security Key

Google has updated its Smart Lock app for iOS devices, which means that modern iPhones can now be used as a physical security key for Google apps such as Gmail, Drive etc.

As most people know, two-factor authentication (2FA) is commonly used to secure online accounts nowadays, beyond the usual username and password.

Typically this works by sending a code via SMS (or email) to a phone or computer. But the problem is that the code can be intercepted.

Hardware key

A new more secure solution is therefore to plug in a phone or computer which acts as a physical security key.

And now modern iPhones can be turned into a physical security key for the Google ecosystem, 9to5 Google reported.

This means the iPhone can be physically near (within Bluetooth range) of the device that wants to log in to Google apps. The login prompt is no longer sent via the internet, making it more resistant to interception.

According to 9to5 Google, this is possible thanks to the Google Smart Lock app being able to utilise the Secure Enclave found on Apple’s A-Series chips. These chips store Touch ID, Face ID, and other cryptographic data, and was first introduced on the iPhone 5s.

So the way this all works is that anytime a user enters a Google account username and password, they’ll be prompted to open Smart Lock on their nearby iPhone to confirm a sign-in.

There’s also apparently the option to cancel with “No, it’s not me.”

It should be noted that this only works when signing-in to Google with the Chrome browser, while Bluetooth on both the desktop computer and phone needs to be enabled as the devices are locally communicating the confirmation request and verification.

More secure

Google’s approach has been welcomed by ESET’s cybersecurity specialist Jake Moore.

“Two-factor authentication is more of a necessity than ever, but the toughest hurdle is encouraging users to set it up,” said Moore. “Without it being built into accounts by default, 2FA only gains significant uptake when it is handed to users on a plate, and is easy to implement.”

“People are just about coming round to understanding SMS 2FA as a rule, but what Google are offering is even more secure to account holders, and offers stronger protection and security,” said Moore.

“Hardware security keys are an excellent way of easily adding an extra layer of security without being delayed when accessing your accounts,” said Moore. “One drawback, however, is the fact that the set-up process might still be a barrier for less tech savvy users.”

Do you know all about security? Try our quiz

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

Apple Briefly Overtakes Microsoft For Market Crown On AI Plans

Apple AI announcements triggers three-day rally that sees market value briefly overtake Microsoft for most…

3 hours ago

Musk’s X Lawsuit Against Nazi Report Author Slated For 2025 Trial

Trial set for April 2025 against Media Matters, after its report prompted an advertising exodus…

20 hours ago

Elon Musk Wins Shareholder Vote On Pay, Texas Incorporation

Shareholders at Tesla vote to reinstate Elon Musk's 'ridiculous' $56bn pay package, and approve incorporation…

24 hours ago

X (Twitter) Now Hides Posts Liked By Users

Elon Musk’s X platform (formerly Twitter) has this week begun hiding user likes, amid reports…

2 days ago