Technology

Google makes safe logins more convenient by allowing smartphones to be security keys

It's the latest anti-phishing effort from Google's Advanced Protection team.

January 15, 2020

Google’s update Wednesday is a significant step to enhancing adoption of better security practices. (Getty)

Google users can now use an iPhone or Android device as a security key to sign into their accounts, utilizing a technique that improves their defense against phishing attacks, the company announced Wednesday.

In a blog post, a product manager for Google’s Advanced Protection Program wrote that people who exclusively use security keys when logging in to their accounts “never fell victim to targeted phishing attacks.” Yet security keys, which are more secure than text-based authentication, typically are available in the form of a standalone physical device, an inconvenience that may discourage adoption.

Google’s update Wednesday is a significant step toward solving that problem. Instead of plugging a key into a USB slot, users just need to have their phones close to their machines.

“Everything becomes much simpler when the things we’re already carrying around — our smartphones — have a built-in security key,” Shuvo Chatterjee said in the post. “That’s been the case on Android since last year, and starting today you can activate a security key on your iPhone as well. Millions of people around the world — many high-risk users among them — use iPhones, and this new capability makes Advanced Protection significantly easier for them.”

It works like this: A user connects their phone to their computer via Bluetooth. A Google login attempt on a computer triggers a push notification to the phone, and they’re required to press a button on Google’s Smart Lock app to complete the authentication process.

The effort coincides with other security initiatives from Google, such as the expansion of “predictive phishing” tools meant to protect credentials in Chrome.

The upgrade comes amid a growing recognition that, while text-based two-factor authentication provides more security than only a username and password, that technique is not the most secure option. Security hardware options like Yubico’s Yubikey have made advancements, while other technologies like password management tools also are experiencing new interest.

Google makes safe logins more convenient by allowing smartphones to be security keys

More Like This

House hurtles toward showdown over expiring surveillance tools

Civil society groups press platforms to step up election integrity work

Spyware and zero-day exploits increasingly go hand-in-hand, researchers find

Top Stories

House passes bill to limit personal data purchases by law enforcement, intelligence agencies

Mandiant: Notorious Russian hacking unit linked to breach of Texas water facility

‘Large volume’ of data stolen from UN agency after ransomware attack

More Scoops

SEC blames sim-swapping, lack of MFA for X account hijacking

Security professional’s tweet forces big change to Google email authentication

Feds likely to miss deadline for strengthening encryption, multifactor authentication

White House rolls out pipeline, supply chain security initiatives as companies pledge billions in cyber spending

Why combining FIDO2 and PKI provides broader enterprise-wide security

Google to make multi-factor authentication its default mode

Apple’s Attest API tool aims to tighten app security

Latest Podcasts

How Troy Hunt knows if you’ve been hacked and Washington tries to understand AI

Why pig butchering is the worst kind of online scam

How the FBI fights ransomware

Rumman Chowdhury on AI red-teaming; a Sisense supply chain attack

Government

Technology

Threats

Geopolitics