Industry News

iPhones now work as physical security keys for Google services

Image by Jan Vašek from Pixabay

As multi-factor authentication becomes ubiquitous across all digital services, Google is adding a new safety net for security-conscientious iPhone owners. Apple customers can now use their shiny smartphones as security keys to access Google services securely.

The latest update to the Google Smart Lock app on iOS enables a feature previously only available to Android users – the ability to use the iPhone as a physical security key. The search giant calls it “the best second factor protection for your Google Account,” and for good reason.

Bluetooth means physical proximity required

For the feature to work, users need Bluetooth switched on, both on the phone and on the secondary device doing the login. This means the phone, which now acts as a physical security key, needs to be close to the device on which the user is trying to authenticate.

Some speculate this could open up a new can of worms in terms of security, since an attacker could theoretically take advantage of an already unlocked device. However, there are not too many situations where a user would leave their phone unlocked and unattended. Furthermore, every smartphone, be it Android or iOS, is designed to lock itself if left idle.

How to Set up your iPhone as a security key                              

  1. On your computer, launch a browser (preferably Chrome) and go to myaccount.google.com/security
  2. Under “Signing in to Google,” select 2-Step Verification and sign in if prompted to do so
  3. Tap Add Security Key
  4. Select your iPhone and then Add
  5. Follow the on-screen instructions
  6. Install the Google Smart Lock app (if you haven’t already)
  7. Open Smart Lock and tap “Yes, I’m in to complete the set up”
  8. For the feature to work, users need to allow Smart Lock to do notifications

Multi-factor authentication is key to good cybersecurity hygiene, both for regular people and for corporations. Failure to use a secondary device for authentication leaves the door wide open to bad actors looking to infect your computer, steal your banking information, take over your smart devices, or breach your organization and hold your data for ransom.

Google’s update may not do much to secure a business, but it’s a very good addition to the company’s Advanced Protection Program (APP) for customers worldwide. If you’re an iPhone owner using Google’s services regularly, the new use-your-phone-as-security-key is a must.

About the author

Filip TRUTA

Filip is an experienced writer with over a decade of practice in the technology realm. He has covered a wide range of topics in such industries as gaming, software, hardware and cyber-security, and has worked in various B2B and B2C marketing roles. Filip currently serves as Information Security Analyst with Bitdefender.