Approving sign-ins to a Google Account from an iPhone (Google)

Google announced that iPhones running iOS 10 or later can now be used as security keys to protect Google accounts against phishing attacks by verifying sign-ins on Chrome OS, iOS, macOS and Windows 10 devices without pairing.

This couldn't have come at a better time given that, according to a recent study conducted by Google and The Harris Poll, 74% out of 500 high-risk US users surveyed - including politicians, activists, executives, and influencers — reported being targeted or compromised by a phishing attack.

The free email service Gmail also automatically blocks over 100 million phishing emails every day according to Google, warning those attacked by government-backed actors of phishing attempts.

By enabling iPhone users to defend against phishing attacks using their phone's security key, Google effectively brought the strongest phishing-resistant two-factor authentication (2FA) to Google accounts on the iOS platform.

Unlike other two-factor authentication (2FA) methods that try to verify your sign-in, security keys are built with FIDO standards that provide the strongest protection against automated bots, bulk phishing attacks, and targeted phishing attacks. - Google

Your iPhone as a Google account security key

This comes after Google also made using the security key built-in Android phones running Android 7.0+ (Nougat) generally available last year, and previously allowing iOS users to verify sign-ins into Google and Google Cloud services with the help of Android phones set up as security keys.

The security key in your iPhone works the same: it uses Bluetooth to verify sign-ins on Chrome OS, iOS, macOS and Windows 10 devices without the need to pair your devices.

This way, you can protect your Google account against hacking attempts on any device with your iPhone's help, even when sensitive information like your user credentials has been stolen.

"This makes it easier and more convenient for you to unlock this powerful protection, without having to carry around additional security keys," Google said. "Use it to protect your personal Google Account, as well as your Google Cloud Accounts at work."

Before setting up your iPhone as a Google account security key you will also be prompted to install the Google Smart Lock app and allow it to send notifications.

Setting up your iPhone

You can set up your phone as a security key for your Google Account using the following steps:

Make sure you have 2-Step Verification or Advanced Protection turned on. Visit myaccount.google.com/security using a supported browser, like Chrome. Under "Signing in to Google," select 2-Step Verification. You might need to sign in. Click Add security key Select your iPhone Add. Follow the on-screen instructions and turn on your iPhone’s built-in security key by tapping Yes, I’m in when prompted to in the Smart Lock app.

To utilize your iPhone's inbuilt security key to sign in to your Google account on new devices you have to:

Make sure Bluetooth is turned on for both devices. Sign in to your Google Account on a Chrome OS (version 79 and above), iOS, macOS, or Windows 10 device. Check your iPhone for a Smart Lock notification. Tap the notification. To verify your sign-in, tap Yes.

Google also recommends registering a backup security key to your Google account to use in the event that you lose your iPhone.

Use your iPhone to enroll in Google's Advanced Protection Program

"You can now use your mobile phone as a security key in the Advanced Protection Program for the enterprise," Google also announced today.

"This means you can use your Android or iOS device’s built-in security key for 2-Step Verification, which makes it easier and quicker to protect high-risk users with our strongest account security settings."

iPhone users can learn more about signing up for the Advanced Protection Program by going to g.co/advancedprotection.

"With attacks on the rise, and many major events on the horizon this year like the U.S. elections in November, the Advanced Protection Program offers a simple way to incorporate the strongest account protection that Google offers," Google Advanced Protection Program PM Shuvo Chatterjee concluded.