Google Allows iPhones To Be Used As 2FA Physical Security Key

Google has updated its Smart Lock app for iOS devices, which means that modern iPhones can now be used as a physical security key for Google apps such as Gmail, Drive etc.

As most people know, two-factor authentication (2FA) is commonly used to secure online accounts nowadays, beyond the usual username and password.

Typically this works by sending a code via SMS (or email) to a phone or computer. But the problem is that the code can be intercepted.

Hardware key

A new more secure solution is therefore to plug in a phone or computer which acts as a physical security key.

And now modern iPhones can be turned into a physical security key for the Google ecosystem, 9to5 Google reported.

This means the iPhone can be physically near (within Bluetooth range) of the device that wants to log in to Google apps. The login prompt is no longer sent via the internet, making it more resistant to interception.

According to 9to5 Google, this is possible thanks to the Google Smart Lock app being able to utilise the Secure Enclave found on Apple’s A-Series chips. These chips store Touch ID, Face ID, and other cryptographic data, and was first introduced on the iPhone 5s.

So the way this all works is that anytime a user enters a Google account username and password, they’ll be prompted to open Smart Lock on their nearby iPhone to confirm a sign-in.

There’s also apparently the option to cancel with “No, it’s not me.”

It should be noted that this only works when signing-in to Google with the Chrome browser, while Bluetooth on both the desktop computer and phone needs to be enabled as the devices are locally communicating the confirmation request and verification.

More secure

Google’s approach has been welcomed by ESET’s cybersecurity specialist Jake Moore.

“Two-factor authentication is more of a necessity than ever, but the toughest hurdle is encouraging users to set it up,” said Moore. “Without it being built into accounts by default, 2FA only gains significant uptake when it is handed to users on a plate, and is easy to implement.”

“People are just about coming round to understanding SMS 2FA as a rule, but what Google are offering is even more secure to account holders, and offers stronger protection and security,” said Moore.

“Hardware security keys are an excellent way of easily adding an extra layer of security without being delayed when accessing your accounts,” said Moore. “One drawback, however, is the fact that the set-up process might still be a barrier for less tech savvy users.”

Do you know all about security? Try our quiz

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

UK’s CMA Readies Cloud Sector “Behavioural” Remedies – Report

Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector

4 hours ago

Former Policy Boss At X Nick Pickles, Joins Sam Altman Venture

Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…

6 hours ago

Bitcoin Rises Above $96,000 Amid Trump Optimism

Bitcoin price rises towards $100,000, amid investor optimism of friendlier US regulatory landscape under Donald…

8 hours ago

FTX Co-Founder Gary Wang Spared Prison

Judge Kaplan praises former FTX CTO Gary Wang for his co-operation against Sam Bankman-Fried during…

8 hours ago