The competition between tech companies can sometimes be so vicious that it’s surprising when one adopts are at least allows the use of a rival’s technology. In this connected age, however, such cooperation and interaction are inevitable, especially when you’re trying to be present even in your competitor’s platform. Fortunately, Google doesn’t seem to be averse at using iPhone’s security hardware when securely logging into Google accounts on your desktop.
Phones are one of the most common devices used in two-factor authentication because almost everyone has one with them all the time. Among mobile 2FA methods, SMS is the most common but also the least secure. There are other methods available that are less problematic, like Authenticator apps, but Google is now using the iPhone’s secure hardware, the Secure Enclave, instead.
The update to Google’s Smart Lock iOS app practically means that iPhone and iPad owners can verify their Google account login attempts using the same security features they’ve already trusted. That includes both Face ID and, for some older models, Touch ID. Additionally, since the Smart Lock app only uses Bluetooth, the process doesn’t leak into the Internet, keeping everything securely local.
There are, however, some drawbacks. This new security check only works when signing into a Google account from inside the Chrome browser. You also have to type in your password first since it’s a second factor only anyway. Most importantly, the iOS device has to be within Bluetooth range for the process to succeed and, of course, both the computer’s and the iPhone’s Bluetooth connections have to be turned on.
It may not be a completely smooth and painless process, having to switch back and forth between devices, but the alternatives are far more frightening. Given recent SIM swapping studies, SMS 2FA is almost as bad as not having 2FA at all, something that neither Google nor Apple would want.