Android users have been able to use their phones as Google security key for a while now, and now Google is finally making good on the promise to bring the same functionality to the iPhone. An update to the Google Smart Lock app this week turns your iPhone into an honest-to-goodness FIDO2 key, using the Secure Enclave to skip SMS and keep your accounts safe.
It only works with Google accounts so far, but its a great tool for security-minded users. Instead of relying on one-time passwords delivered over SMS, youll be able to use your iPhone to log into your account on another PC, Mac, or iOS device quickly and securely without spending money on a separate hardware key. This method doesnt work on Android phones and any browser activity will need to be done using Chrome. Any iPhone with a Secure Enclave will work, which is any phone after the iPhone 5S. (It's unclear if the iPhone 5S supports the feature, as it packs a Secure Enclave but doesn't support iOS 13.)
Obviously, youll need to have two-factor authentication (2-Step Verification here) turned on for your Google Account to take advantage of the extra layer of security, so if you dont, go do it now. Once thats set up, heres how it works:
- Download or update the Google Smart Lock app from the App Store
- Log into the account you want to use as a security key
- Follow the prompts to set up your phones built-in security key
- Tap Manage Accounts and select your security key-enabled account
- Select the Security tab on the next screen
- Tap 2-step Verification
- Scroll down to Your second step
- If your iPhone isnt there, tap Add Security Key and select your phone from the list
And thats all you need to do. Now when you sign into a Google service on a new device, youll be able to use your iPhone to authenticate your account.
As long as theyre within Bluetooth range (and Bluetooth is turned on for both accounts), youll get a prompt on your iPhone when signing into a Google account on a new device, and youll be able to quickly verify that its you without the fear of someone stealing your texts. And if you forget your iPhone, youll still be able to select SMS as an option or use an Authenticator app by choosing Sign in another way.