Google’s Smart Lock app for iOS now functions like a physical security key for two-factor authentication.
Last April, Google announced that users could use the chips inside their Android smartphones as a de facto security key for their Google accounts. Starting this week, Google has expanded this feature to iPhones.
With yesterday’s update to the Google Smart Lock app, 9to5Mac reports, users can now block sign-ins to their Google account unless their iPhone is physically nearby and they approve the sign-in.
When you’ve updated to the latest version of the app (version 1.6), you can select the option to “Set up your phone’s built-in security key.” Once that’s complete, if you have your iPhone within range of the device you’re trying to log in on, you can open up Smart Lock when prompted to verify the sign-in attempt. You can also cancel if you’ve made a mistake or someone’s trying to access your account without your knowledge.
A Google cryptographer explained that this new feature of the Google Smart Lock app takes advantage of the unique device code stored in the Secure Enclave, the cryptographic coprocessor that is embedded in Apple’s A-series chips and walled off from the rest of the system. The Secure Enclave is used in all iPhones from the iPhone 5s onwards.
This change adds an extra layer of security because bad actors will essentially need to have access to your phone in order to pull off a breach. Physical security keys are considered a stronger two-factor method than SMS because of a rise in so-called “SIM swapping” attacks wherein a “hacker” convinces a mobile carrier to transfer your number over to a new SIM card.