iPhones Can Now Be Used to Generate 2FA Security Keys for Google Accounts - MacRumorsOpen MenuShow RoundupsShow Forums menuVisit ForumsOpen Sidebar
Skip to Content

iPhones Can Now Be Used to Generate 2FA Security Keys for Google Accounts

by

google smart lock app iconA new update to Google's Smart Lock iOS app lets users set up their iPhone or iPad as a security key for two-factor authentication when signing into native Google services via Chrome browser.

Once the feature is set up in the app, attempting to log in to a Google service via Chrome on another device such as a laptop results in a push notification being sent to their iOS device.

The user then has to unlock their iPhone or ‌iPad‌ using Face ID or Touch ID and confirm the log-in attempt via the Smart Lock app before it can complete on the other device.

After installing the update, users are asked to select a Google account to set up their phone's built-in security key. According to a Google cryptographer, the feature makes use of Apple's Secure Enclave hardware, which securely stores ‌Touch ID‌, ‌Face ID‌, and other cryptographic data on iOS devices.

The Smart Lock app requires that Bluetooth is enabled on both the iPhone/‌iPad‌ and the other device for two-factor authentication to work, so they have to be in close proximity, but the advantage of the system is that it ensures the process is localized and can't be leaked onto the internet.

The Google Smart Lock app is a free download for iPhone and ‌iPad‌ on the App Store. [Direct Link]

(Via 9to5Google.com)

Tags: Google, Security

Top Rated Comments

T
TriBruin
84 months ago

Can someone explain the functional difference between the 'Google'-app I have on my iPhone, which prompts me to verify it's me whenever I login to any Google-services?
The way I am reading this, is that it eliminates the push from Google and handles everything locally. When you attempt to sign-in, Chrome will check for the presence of your trusted device (iPhone) via local Bluetooth and prompt you directly. This, in theory, eliminates any chance for a bad actor intercepting the internet based push notification.
Score: 3 Votes (Like | Disagree)
Westside guy Avatar
Westside guy
84 months ago
There are also standard ways to do two-factor auth, one of which is even implemented by Google through their Google Authenticator app (RFC 6238 time-based one-time passwords - I prefer the OTP Auth app for it) and can be implemented by any app developer for increased security without having to be beholden to Google or any other single entity. I realize some people will complain about having to copy 6 digits (oh the horror), but I prefer standard solutions like that to tying my security to Google - or, for that matter, to having all these vendor-specific two-factor approaches (Apple does it one way, Google does it another, etc.).
Score: 2 Votes (Like | Disagree)
Vincent Verbist Avatar
Vincent Verbist
84 months ago

The way I am reading this, is that it eliminates the push from Google and handles everything locally. When you attempt to sign-in, Chrome will check for the presence of your trusted device (iPhone) via local Bluetooth and prompt you directly. This, in theory, eliminates any chance for a bad actor intercepting the internet based push notification.
Okay, that's something I can understand, but still strange that there is not a single reference to the current solution through the Google app...
Score: 1 Votes (Like | Disagree)
1
1144557
84 months ago

The way I am reading this, is that it eliminates the push from Google and handles everything locally. When you attempt to sign-in, Chrome will check for the presence of your trusted device (iPhone) via local Bluetooth and prompt you directly. This, in theory, eliminates any chance for a bad actor intercepting the internet based push notification.
You would think that is incredibly hard already to crack/spoof an Apple push notification from the Google app itself; far more than SMS. I dont know that this new way offers much more to the average person. In a very high security environment using Goole Apps (not sure why you would do that to begin with then, but ok) I guess.

Its also unclear how not needing an internet connection would help if you are logging into Google which requires internet. That argument doesnt make a ton of sense obviously.

Not knocking more options, its just a bit unclear the differences between this and using the Google app to authenticate 2FA.
Score: 1 Votes (Like | Disagree)
Vincent Verbist Avatar
Vincent Verbist
84 months ago
Can someone explain the functional difference between the 'Google'-app I have on my iPhone, which prompts me to verify it's me whenever I login to any Google-services?
Score: 1 Votes (Like | Disagree)
Read All Comments

Popular Stories

gemini for mac app google

Google Maps for CarPlay Getting Gemini AI

Monday May 11, 2026 4:25 pm PDT by
The Google Maps app for CarPlay could soon include support for Gemini, based on code that MacRumors found in the Google Maps app. Gemini integration would allow CarPlay users to get detailed directions and information from Gemini. Strings in the app suggest users will be able to tell Gemini to navigate to a specific location after agreeing to new Terms of Service in the iPhone version of the ...
Read Full Article23 comments
google gemini intelligence

Google Previews Android 17 With 'Gemini Intelligence' a Month Before Apple's iOS 27 Reveal

Tuesday May 12, 2026 12:21 pm PDT by
Google today previewed Android 17, the next version of Android that it is bringing to smartphones and other devices. Android 17 includes multiple new AI features, and it comes about a month ahead of when Apple plans to unveil iOS 27 with new AI capabilities. Google is now calling the AI features on Android "Gemini Intelligence," branding similar to Apple Intelligence. Google said it is...
Read Full Article68 comments
android iphone airdrop quickshare

Google Makes It Easier to Share Files Between Android and iPhone

Tuesday May 12, 2026 2:48 pm PDT by
Google today said it is introducing updated file sharing features that will make it easier for Android users to send files to iPhone users. Quick Share is already compatible with Apple's AirDrop feature on select Android devices, but Google says the feature will expand to Samsung, OPPO, OnePlus, Vivo, Xiaomi, and HONOR devices in 2026. On Android devices that are not compatible with...
Read Full Article38 comments