In a major move, Google has announced that iPhones can now be used as security keys for Google accounts.
The feature, designed as a two-factor security layer, will help users protect their accounts from third-party intrusions - without investing in a dedicated physical security key. Previously, the capability was restricted only to Android phones.
Here's all you need to know about it.
First, you should understand the need for security keys
For years, Google has been verifying logins with SMS codes, Google Authenticator codes, and prompts enabling communication between two devices over the internet.
But, the thing is, all these methods are easier to circumvent, except a physical security key protected with a dedicated security standard. It verifies your identity and detects if you're logging in on the right page to dodge potential phishing attacks.
Google allowed phone-based security keys
As physical security keys had to be purchased and then carried around all the time, Google came up with the option of using smartphone hardware as physical security keys for verifying login attempts on all its app and services.
However, in the initial days, the company kept the 2FA solution restricted and only accepted phones running Android 7.0 or newer as a 'security key'.
Now, even iPhones are supported
While Google did not enable older Android devices to work as security keys, it has started extending support to iPhones.
As part of this, the company has updated the Google Smart Lock app for iOS with an option to use Secure Enclave, the built-in security key that stores Touch ID, Face ID, and other cryptographic data of iPhones, as physical security for two-factor authentication.
Then, you just need your phone for logging in
Once you use the option to opt for Secure Enclave, signing into a Google account will require you to open Smart Lock and approve the login individually.
However, it is worth noting that the feature would work only when you sign in on Google apps and have the linked iPhone/iPad nearby. It would use both devices' Bluetooth to connect and verify your identity.
Hopefully, Google will add support for more browsers
The new option comes as a handy solution to boost account security, without depending on the less reliable SMS codes.
It is limited only to sign-ins on Google apps, including Chrome, but we expect the company to support more browsers in the future.
That said, also keep in mind that if you upgrade devices too frequently, this might not be the best security solution.