There is a growing emphasis on alternative security mechanisms to the regular Password, such as Titan keys, the phishing-resistant two-factor authentication devices that protect high-value customers from the most sophisticated cyber-attacks.
While the Titan keys is highly effective as a security mechanism, the downside remains that you'll need to carry the physical key, which in any situation it gets lost, you'll be locked out from your online activities. However, Google had provided backup with an extra key that can help you gain temporary access to your account, until the recovery which can take days or even weeks.
And just recently, Google also made it possible for Android users to turn their devices into physical security keys, which feature requires devices running Android OS version 7+ with Bluetooth and location services fully enabled. Now, this same capability has been extended to iPhone users, with Google’s Smart Lock app for iOS that allow iPhone users to use their device as a physical 2FA security key for logging into Google’s first-party services using Chrome browser.
How Smart Lock app for iOS works?
The Smart Lock app works with iPhone to enable Google’s Advanced Protection Program, which is perhaps the strongest protection against phishing or other cyber attacks. The program also supports physical security keys, like the Titan keys, while the iPhone functionality makes use of the device processor’s Secure Enclave, which is employed to securely store the device’s private keys.
The feature was first available starting with the iPhone 5S, and requires iOS 10 or later to function. For the new iPhone support, it appears to be limited to authenticating of Google logins from the Chrome browser, as other browsers create an extra step in the login process, requiring an alternative 2FA option.
How to use Your iPhone as a physical Security Key
Firstly, you’d need to download and set up Google’s Smart Lock app, then enable the Bluetooth on your iPhone and tap the button in Google’s app to authenticate before the login to your laptop is completed.
If you attempt to log in to Google services, say, via a laptop, it will generate a push notification for your iPhone.
The process is quite similar to the Google security prompt functionality, but the difference is that the Smart Lock app works via Bluetooth, instead of connecting through the internet. As such, the device will need to be in close proximity to your laptop for authentication to take place, which is another layer of security for your online accounts.