The latest update to Google’s Smart Lock app on iOS means users can use their iPhone as a physical 2FA security key for logging into Google’s first-party services in Chrome. Once it’s done, attempting to log in to a Google service on, say, a laptop, will create a push notification on a nearby iPhone.
Users then need to unlock their Bluetooth-enabled iPhone and tap a button in Google’s application to verify before the login process in their laptop completes.
Two-factor authentication is likely one of the most important steps users can take to secure their online accounts. It also gives an additional layer of safety past a standard username and password.
Physical security keys are much safer than the six-digit codes that are in widespread use today, since these codes may be intercepted virtually as quickly as passwords themselves.
Google already allows to use Android phone as a physical security key, and now that the feature is available on iOS it signifies that anyone with a smartphone now owns a security key without having to purchase a dedicated device.
The brand new process is much like the existing Google Prompt feature; however, the crucial difference is that the Smart Lock app works over Bluetooth, rather than connecting through the internet.
Meaning a phone must be in proximity to a laptop for the authentication to work, which offers another cover of security.
Nonetheless, the application itself doesn’t ask for any biometric authentication — in case an iPhone is already unlocked. A nearby attacker could open the app and authenticate the login attempt.