Google announced that iPhones running iOS 10 or later can now be used as security keys to protect Google accounts against phishing attacks by verifying sign-ins on Chrome OS, iOS, macOS and Windows 10 devices without pairing.
The Google users must have to register their iPhone as a two-factor (2FA) method for their Google accounts, just like how they register hardware security keys.
The next time when they log into their Google accounts, the user will enter their username and password, and then turn on their iPhone’s Bluetooth connection, which will verify the login attempt similar to a hardware security key.
In order to set up an iPhone as a security key for a Google account, the users must have an iPhone running iOS 10 (released in Sep 2016) or later.
Besides, iPhone users will also have to install Google’s Smart Lock app (v1.6 or later), which was updated on Monday to support iPhones as a 2FA method.
Google is now letting users replace hardware security keys with their phones. This change will also trigger a modification to Google’s Advanced Protection Program (APP).
Google’s APP is for users facing higher security risks than others. The users can enroll in the Google APP and benefit from extra security protections features, provided by Google at no extra cost.
Before making Android and iPhone smartphones de-facto security keys, Google users needed a separate hardware security key to enroll in the program. Now, the users will be able to sign up for the APP just with their phones, making it easier for more users to sign up.