advertisement

If you want to seriously protect your online accounts, you must already use unique, strong passwords for your online property, preferably with the help of a password manager. In addition, many products and services now support two-factor authentication (2FA), which adds an extra layer of security on top of that password. You should use 2FA with all your valuable accounts, especially those that you use to manage money and personal information. It is one thing for hackers to steal your Netflix account, and something completely different for thieves to gain control over a banking app or email account. But even 2FA is not always useful, especially when it comes to entering a code that you have just received via SMS. A better alternative is to use a standalone gadget as your 2FA authenticator. And the iPhone happens to be such a device when it comes to Google accounts.

Your Google account holds the keys to a wealth of data because it manages all of your Google properties, including Gmail, Search, YouTube, Maps, and many others. And Google has now transformed the iPhone into a device that looks a lot like a FIDO 2FA key – Google also makes its own physical 2FA keys.

Google has this week updated the Google Smart Lock app to turn the iPhone into a 2FA security key, 9to5Google reports. A Googler confirmed on Twitter that the company uses the Secure Enclave in the A-series chip of the iPhone to turn the iPhone into a 2FA device. If that name rings a bell, it is because the Security Enclave is a chip that contains Face ID or Touch ID data, as well as other cryptographic data.

advertisement

It uses the Secure Enclave as a security key, it’s pretty cool.

– Filippo Valsorda (@FiloSottile) January 14, 2020

If you want to use the iPhone as a 2FA authenticator in Google accounts, you must set it as one in Smart Lock. Once that has been done, every time someone uses the Google Account login details must log in, open Smart Lock on the iPhone and confirm. The iPhone must be located near the computer used to log in to Google apps because the data is transmitted locally via Bluetooth. That iPhone protection would make it impossible for anyone to log in to your 2FA-protected Google account. They had to get your device to do it, and that means they had to bypass the screen lock to get to the Smart Lock app.

Google’s move once again confirms Apple’s high security standards when it comes to user privacy and data security at a time when the government is again calling on the iPhone maker to destroy iPhone encryption.

Image source: Ray Tang / LNP / Shutterstock

. (TagsToTranslate) 2fa

advertisement