Android users have been able to use their phones as a Google security key for a while, and now Google is finally fulfilling the promise to bring the same functionality to the iPhone. This week, an update of the Google Smart Lock app turns your iPhone into an honest FIDO2 key, using the Secure Enclave to skip SMS and keep your accounts secure.
So far it only works with Google accounts, but it is a great tool for security-minded users. Instead of relying on one-time passwords delivered by SMS, you can use your iPhone to log into your account on another PC, Mac or iOS device quickly and safely without spending money on a separate hardware key. This method does not work on Android phones and any browser activity must be done with Chrome. Any iPhone with a secure enclave will work, which is any phone after the iPhone 5S. (It is not clear if the iPhone 5S supports the function, as it includes a secure Enclave but is not compatible with iOS 13).
Obviously, you will need to have two-factor authentication enabled (two-step verification here) in order for your Google account to take advantage of the additional security layer, so if you don't, do so now. Once it is configured, this is how it works:
- Download or update the Google Smart Lock app from the App Store
- Log in to the account you want to use as a security key
- Follow the prompts to configure the integrated security key of your phone
- Tap Administration Accounts and select your account enabled with security key
- Select the Security tab on the next screen
- Tap 2-step verification
- Scroll down to Your second step
- If your iPhone is not there, touch Add security key and select your phone from the list
And that is all you need to do. Now, when you sign in to a Google service on a new device, you can use your iPhone to authenticate your account.
As long as they are within range of Bluetooth (and Bluetooth is activated for both accounts), you will receive a message on your iPhone when you log in to a Google account on a new device, and you can quickly verify that it is you without fear of someone Steal your text messages. And if you forget your iPhone, you can still select SMS as an option or use an authentication application by selecting "Log in otherwise."