Your iPhone is the new ‘key’ for securely signing-in to your Google account
Google already announced that devices running Android 7 and later OS versions can be used as 2FA keys for signing into Google. Now, even the latest iOS-running iPhones are also in the mix.
The world is slowly moving towards a 2-factor-authentication (2FA) system for website and service logins. You may have seen this while logging in to Gmail from a new smartphone or a PC or even from an incognito window. Once you try to log in, Google usually sends a prompt to your Android or iPhone handset via the Google app or the Gmail app that requires your approval. Once you approve, the security page on the device that you want to log in opens the Google app (in this case Gmail). While this is common, what's not common is the use of physical hardware keys for 2FA approval. Yes, you can even use a physical key (aka FIDO2 key) that plugs into your PC or phone to sing-in to services.
Google already announced that devices running Android 7 and later OS versions can be used as 2FA keys for signing into Google. Now, even the latest iOS-running iPhones are also in the mix. That means you can sign-in to a Google account using your iPhone as a physical 2FA key. But this doesn't mean you have to plug-in your iPhone to another phone or PC to sign-in. As mentioned by 9to5Google, to make this happen, your iPhone should be nearby within a Bluetooth range as the login prompt is not only sent over an internet connection.
This means that every time if an iPhone user wants to sign-in to their Google account to use any Google app, there will be a prompt sent on the user's nearby iPhone. The user will also have an option to cancel the sign-in process from the iPhone. As tweeted by a cryptographer at Google named Filippo Valsorda, Google is using iPhone's 'Secure Enclave' tech as a security key. The changelog for the 'Google Smart Lock' app in Apple's App Store confirms this feature but doesn't reveal the tech behind it.
Anyone know what a built-in security key means? pic.twitter.com/ERjrEaJZUU— Paul Haddad (@tapbot_paul) 14 January 2020
However, this is said to work only when you are signing-in to Google via Chrome. It would also require the Google Smart Lock app. And since this tech works on Bluetooth connectivity, the feature should be enabled on both the source device and the iPhone.