iPhones Can Now Be Used To Generate 2FA Security Keys For Google Accounts (9to5google.com) 4
Most modern iPhones running iOS 13 can now be used as a built-in phone security key for Google apps. 9to5Google reports: A built-in phone security key differs from the Google Prompt, though both essentially share the same UI. The latter push-based approach is found in the Google Search app and Gmail, while today's announcement is more akin to a physical USB-C/Lightning key in terms of being resistant to phishing attempts and verifying who you are. Your phone security key needs to be physically near (within Bluetooth range) the device that wants to log-in. The login prompt is not just being sent over an internet connection.
With an update to the Google Smart Lock app on iOS this week, "you can now set up your phone's built-in security key." According to one Googler today, the company is leveraging the Secure Enclave found on Apple's A-Series chips. Storing Touch ID, Face ID, and other cryptographic data, it was first introduced on the iPhone 5s, though that particular device no longer supports iOS 13. Anytime users enter a Google Account username and password, they'll be prompted to open Smart Lock on their nearby iPhone to confirm a sign-in. There's also the option to cancel with "No, it's not me." This only works when signing-in to Google with Chrome, while Bluetooth on both the desktop computer and phone needs to be enabled as the devices are locally communicating the confirmation request and verification.
With an update to the Google Smart Lock app on iOS this week, "you can now set up your phone's built-in security key." According to one Googler today, the company is leveraging the Secure Enclave found on Apple's A-Series chips. Storing Touch ID, Face ID, and other cryptographic data, it was first introduced on the iPhone 5s, though that particular device no longer supports iOS 13. Anytime users enter a Google Account username and password, they'll be prompted to open Smart Lock on their nearby iPhone to confirm a sign-in. There's also the option to cancel with "No, it's not me." This only works when signing-in to Google with Chrome, while Bluetooth on both the desktop computer and phone needs to be enabled as the devices are locally communicating the confirmation request and verification.
Yet another... (Score:3)
...way to make your life hell if you lose your iPhone or it's stolen. Just don't put anything sensitive or valuable on your phone, period.
I have a separate email account for my phone because I know that one day, some day, I'll lose it or it'll get stolen. I don't really care if that email account gets hi-jacked; there's nothing of interest or value on it & I can cancel all forwarding from my real email account.
Better way (Score:2)
An idea for google wear (Score:2)
I'd buy a smartwatch that could be used as a u2f fido dongle (bluetooth and nfc). More than a bit puzzled as to why it doesn't exist.