Google is now offering its 'strongest defense' against hack attack to iPhone users - here's how it works

  • Google on Wednesday announced that it's brought its 'strongest defense' against phishing and other kinds of attacks to iPhone users, eight months after it came to Android, a company blog post said.
  • A new update to the Google Smart Lock app means that iPhone users can use the device as a physical 2-factor-authentication key - meaning that attackers can't get into your Google account without physically holding the phone.
  • It replaces a reliance on text messages to confirm that it's actually you who can log into your account. Experts have long warned that text messages are an insecure way to handle authentication, since it's relatively easy for a dedicated attacker to get access to them.
  • Google said it hopes that the updates to its program will help high-risk users, like members of political campaign teams, journalists, and activists, as well as professionals working in highly regulated industries like finance.
  • The company said it considers the updates especially timely, to safeguard against foreign interference amid "attacks on the rise and many major events on the horizon this year like the US elections in November," a blog post announcing the changes said.

Google is expanding its powerful account security protections beyond Android users, the company announced Wednesday.

The company has updated its Advanced Protection Program to allow users to use their iPhones as a security key to access Gmail, Drive, and other Google account services. The only potential catch: The Verge reports that the new feature only works in the Google Chrome web browser, at least for now, meaning that anybody using Firefox, Safari, or another browser is apparently out of luck.

Now, iPhone users can download the Google Smart Lock app, activating the devices to function as a physical 2-factor authentication key - meaning that nobody can get into your Google account unless they're physically holding the phone. The changes come more than eight months after Google offered the same services to Android users.

Two-factor authentication (2FA) is a more secure method of logging in to accounts, email, and operating systems. It acts as an additional layer of security to an account password, and often comes in the form of a text message with a code.

But using a phone number as a second layer of security still leaves a phone vulnerable to attacks from more sophisticated hackers, as database leaks over the years have left phone numbers exposed, and it's relatively easy for a sufficiently dedicated hacker to get access to text messages, experts have warned.

That's why Google says its offering is the company's "strongest defense against phishing." Bluetooth-enabled iPhones and Android devices act as an alternative to plugging in a physical key - something required at some security-minded companies - allowing Google to only send over a login prompt if the phone is physically near the device trying to access the account.

Google said it hopes that the updates to its program will help high-risk users, like members of political campaign teams, journalists, and activists, as well as professionals working in highly regulated industries like finance. The company said it considers the updates especially timely to safeguard against foreign interference amid "attacks on the rise and many major events on the horizon this year like the US elections in November," the blog post announcing the changes said.

Security experts outside the company, like Facebook's ex-security chief Alex Stamos, have already voiced their approval of the updates.

"This is another smart incremental step from the Google team that is doing more than anybody to make a password-free future possible," Stamos tweeted.
