You can now use your iPhone as a physical two-factor authentication security key for logging into Google’s first-party services in the Chrome browser on another device.
That’s thanks to the version 1.6 update to Google’s Smart Lock app for iOS.
It lets you use a Bluetooth security key or set up the security key that’s built into your iPhone. “With this new update, you can now set up your phone’s built-in security key, the best second factor protection for your Google Account,” according to the release notes accompanying the download.
However, this only works in Google’s Chrome browser, and only when logging in to a first-party Google service. The feature is unsupported on other browsers or when using your Google account credentials to log in to apps and websites.
After you set up the app by selecting a Google account that has two-factor authentication turned on and granting Bluetooth and notification permissions, attempting to log in to a Google service on another device, such as your Mac, will automatically send a push notification with a one-time security code to your nearby iPhone. For this to work, both devices must have Bluetooth enabled in their Settings app and be in relative proximity to each other.
A Google cryptographer explained on Twitter that this new feature of the Google Smart Lock app takes advantage of the unique device code stored in the Secure Enclave, the cryptographic coprocessor embedded in Apple’s A-series chips that’s walled off from the rest of the system. The Secure Enclave is used in all iPhones from the iPhone 5s onwards.
It uses the Secure Enclave as a security key, it's pretty cool.
— Filippo Valsorda 💉💉🎉 (@FiloSottile) January 14, 2020
Two-factor authentication provides an additional layer of security for your account by requiring a one-time code after logging in with your Google user name and password credentials on a new device. These codes can be sent via SMS, which isn’t very secure to begin with, or be pushed to one or more devices designated as your trusted hardware.
Safari on iOS 13, iPadOS and macOS Catalina 10.15 or later supports physical security keys that work over USB-C or Lightning, such as Yubico’s NFC-based physical security keys for passwordless login and two-factor authentication.
The app requires iOS 10 or later.