Google’s Smart Lock app for iOS now functions like a physical security key. With today’s update, users can block sign-ins to their Google account unless their iPhone is physically nearby and they approve the sign-in.
Google already offers two-factor login using its Gmail and Search apps on iOS. When enabled, logging in from a new device will prompt you to confirm the sign in from one of its aforementioned iPhone apps. The difference here is that Smart Lock stores a user’s Google credentials in the iPhone’s Secure Enclave, and beams that information to another computer trying to sign in so long as you're nearby and approve it.
The pros and cons of physical security keys — This change adds an extra layer of security because bad actors will essentially need to have access to your phone in order to pull off a breach. Physical security keys are considered a stronger two-factor method than SMS because of a rise in so called “SIM swapping” attacks wherein a “hacker” convinces a mobile carrier to transfer your number over to a new SIM card — one they have in their own possession, of course. This is how Twitter CEO Jack Dorsey's account was recently compromised.
There’s a big caveat with Smart Lock for iOS, however: 1) this method of verification only works if you’re trying to sign in from another computer using the Chrome browser and 2) Bluetooth needs to be enabled both on your iPhone and the computer in question. If you don’t meet both of those requirements you’ll revert to another authentication method.
That’s kind of a bummer, so if you’re someone who feels you need the strongest level of security in all scenarios, you might still want to buy a physical security key, like Google’s own Titan Security Key. That one is a USB drive that also connects over Bluetooth and NFC. You’ll also need to create and hide some backup passwords because, of course, you might lose a physical key.