Google update turns your iPhone into a physical account security key

Google today updated its iOS Smart Lock app with a feature that essentially replaces a physical security key with your actual phone. Android phones have had this feature for months, but now iPhone owners can also use it.

The update notes for the new version of the Smart Lock app read “With this new update, you can now set up your phone’s built-in security key, the best second factor protection for your Google Account.” What this means is that, when you log into your Google accounts, you can confirm that it’s you via your iPhone without the use of a two-factor SMS or the like.

In order to make this work, according to a Google cryptographer, the Smart Lock runs on the Secure Enclave, the separate processor inside most iPhones that handles biometric information such as your fingerprint or your face. Previously, if you wanted to securely log into your Google accounts from an iPhone, you’d need to use a physical key or an Android phone. According to 9to5Google, it only works when you’re trying to log in via the Chrome browser.

It works pretty much like two-factor authentication, only without you having to receive a text message. When you log into Google on another device, you will receive a notification on your iPhone. You then hit a button within the Smart Lock app confirming that, yes, this is you trying to log in, and voila. If it isn’t you, you can cancel the login just as easily. Your phone has to have Bluetooth enabled for it to work, but it’s otherwise a convenience.

The 💜 of EU tech

The latest rumblings from the EU tech scene, a story from our wise ol' founder Boris, and some questionable AI art. It's free, every week, in your inbox. Sign up now!

This means that iPhone users can now be part of Google’s Advanced Protection Program — the company’s security for those who’re at significant risk of a breach online, such as journalists and politicians — without having to purchase separate security keys. Still, it won’t do much to protect your account if the person trying to log in also has access to your phone, but it’s still an upgrade.