iPhone users can now use their smartphone as a security key to authenticate themselves when signing into Google accounts.
Back in April 2019, Google rolled out a feature to all Android phones running Android 7 or newer that essentially turned them into security keys. For those unfamiliar with security keys, they are another form of two-factor authentication (2FA).
Most people know 2FA as the random codes delivered via SMS that they have to type in when signing into something like Gmail or Twitter. The problem with those codes is that they aren’t exactly secure — it’s fairly easy for attackers to spoof your number and intercept the 2FA code.
If they have your password as well, it isn’t difficult to gain access to an account. Thankfully, there are other versions of 2FA that are more secure. App-based 2FA codes, for example, are fairly reliable. So are hardware 2FA keys, like Google’s Titan security key, which plugs into the USB port on your computer and authenticates you.
Turning your phone into a 2FA key is an extension of sorts on the hardware security key. It allows users to connect their phone through Bluetooth to a computer to verify and authenticate you when signing into a service.
Google updated its Smart Lock app for iOS to include support for using the phone itself as a security key. It works similarly to Android and uses a Bluetooth connection between your phone and computer to ensure it’s you trying to sign in. Smart Lock uses the built-in Secure Enclave with Touch ID or Face ID on iPhone or iPad to authenticate users when they try to sign in to a Google service using Chrome.
Unfortunately, it won’t help you sign into non-Google accounts. It may also be a pain if you upgrade your devices frequently. However, it’s better than using SMS codes and might be easier than buying and setting up a hardware key. Plus, since passwords on their own don’t cut and biometrics are a much better option, this can help bridge the gap.
It’s worth noting that Microsoft does something similar with its Authenticator app and Microsoft accounts. When set up properly, Authenticator lets you bypass typing in a password entirely, using a digit to ensure you’re signing in and authenticating you with Face ID or Touch ID.
If you don’t have the Smart Lock app, you can download it for free from the App Store here.