Google has updated the Google Smart Lock app on iOS. Users can now use the iPhone as a physical 2FA security key to sign in to Google’s first-party service in Chrome. Once set up, try logging into Google services on a device such as a laptop, and you’ll generate push notifications on a nearby iPhone. Then, you’ll need to unlock your Bluetooth-enabled iPhone and click a button in the Google app to authenticate before you can sign in to Google First Service on your laptop.
Two-factor authentication is one of the most important steps in protecting online accounts, providing an additional layer of security beyond standard usernames and passwords. Physical security keys are much more secure than the six-digit code commonly used today because they can be intercepted almost as much as the password itself. Google, which previously allowed users to use their Android phones as a physical security key, now offers the feature on iOS, meaning that anyone with a smartphone now has a security key without having to buy a dedicated device.
The Google Smart Lock app works via Bluetooth instead of via an Internet connection. This means that the user’s phone must be close to the laptop to authenticate, providing another layer of security. However, the app itself does not require any biometric authentication, and if the user’s phone is unlocked, a nearby attacker could theoretically open the application and verify a login attempt.
According to a google cryptocurrency expert, the new feature takes advantage of the secure Enclave feature of the iPhone processor, which is used for the private key of a secure storage device. The feature was originally introduced on the iPhone 5S, which Google says requires iOS 10 or later to run. The new features of the Smart Lock app mean that the iPhone can now be used with Google’s advanced protection program, which is Google’s strongest protection against phishing or other attacks.