Google enhances protections for iOS users with physical security keys – The Independent

Google is rolling out an update to its online services and apps on Apple’s iPhone that makes them more secure.

In a blog post the search giant explained that it is enabling native support for the W3C WebAuthn implementation for Google Accounts. These will support NFC, USB-C, and Lightning keys.

WebAuthn security is passwordless authentication. Rather than using another device, or your phone number, for two-factor authentication, this allows you to use a physical USB key to verify your identity. These are generally safer, as text messages can be intercepted by hackers and not everyone has multiple devices that can be used for authentication.

NFC stands for Near Field Communication, which is used for quick communication between devices. Services such as Google Pay or Apple Pay use NFC to send payments.

Security keys which work for users include:

  • Both the USB-A and Bluetooth Titan Security Keys, which have NFC functionality built-in. This allows you to tap your key to the back of your iPhone when prompted at sign-in.
  • A Lightning security key like the YubiKey 5Ci or any USB security key if you have an Apple Lightning to USB Camera Adapter.
  • A USB-C security key plugged directly to an iOS device that has a USB-C port (such as an iPad Pro)

Google also suggests using these keys alongside a the accompanying smart lock apps in order your iPhone as a key for users’ Google accounts, via Bluetooth security keys or the device’s built-in security key.

Previously, Google offered limited support for iOS users with security keys, but these only worked via Bluetooth and had to be used with Google’s Smart Lock application. With the rollout of iOS 13.3, Apple has added native support for USB-C, NFC, and Lightning security keys to make the process easier.

Security key maker Yubico said that the update for iOS “opens the door to every single Google user, to heighten their mobile security”, as accounts that are enrolled with Google’s its Advanced Protection Program have reportedly seen no evidence of a successful phishing attempt.

As well as Google accounts, security keys such as these can be used for a number of other accounts including 1Password, Coinbase, Dropbox, Facebook, GitHub, Twitter, and many others.


Leave a Reply