A new update to Google's Smart Lock iOS app lets users set up their iPhone or iPad as a security key for two-factor authentication when signing into native Google services via Chrome browser.
Once the feature is set up in the app, attempting to log in to a Google service via Chrome on another device such as a laptop results in a push notification being sent to their iOS device.
The user then has to unlock their iPhone or iPad using Face ID or Touch ID and confirm the log-in attempt via the Smart Lock app before it can complete on the other device.
After installing the update, users are asked to select a Google account to set up their phone's built-in security key. According to a Google cryptographer, the feature makes use of Apple's Secure Enclave hardware, which securely stores Touch ID, Face ID, and other cryptographic data on iOS devices.
The Smart Lock app requires that Bluetooth is enabled on both the iPhone/iPad and the other device for two-factor authentication to work, so they have to be in close proximity, but the advantage of the system is that it ensures the process is localized and can't be leaked onto the internet.
The Google Smart Lock app is a free download for iPhone and iPad on the App Store. [Direct Link]
(Via 9to5Google.com)
Top Stories
Update: Apple has replaced the Logic Pro X image with an older version. Original story follows.
A seemingly unreleased version of Logic Pro X has appeared on Apple's education site, as spotted by a Reddit user. The image from Apple's education products page shows a 16-inch MacBook Pro running Logic Pro X, but with a familiar interface that looks extremely similar to GarageBand's Live Loops ...
Zoom, a video conferencing app that many people are using at the current time to keep in touch with coworkers while working from home, was sending data to Facebook without disclosing the data sharing to customers. As of today, Zoom has updated its iOS app to remove the SDK that was providing data to Facebook through the Login with Facebook feature, according to Motherboard, the site that...
Most of the factories in China that supply devices and components to Apple are back to churning out products, but Apple suppliers are said to be worried about how much demand there will be for the current iPhone models and the new iPhones expected in the fall.
According to Reuters, a senior official at one of Apple's major supply companies said that orders for quarter ending in March are...
iFixit today shared a video teardown of the new iPad Pro, which Apple unveiled earlier this month. iFixit found that most of the internals of the 2020 iPad Pro are the same as the 2018 model, confirming that the device is a relatively incremental update.
The most notable new feature seen inside the new iPad Pro was the LiDAR scanner, which measures the distance to surrounding objects up...
The upcoming Apple Watch Series 6 set to be released this fall could include a Touch ID fingerprint sensor built into the crown of the device, according to Israeli site The Verifier, which cites "senior sources" who have worked with its staff for a "number of years" as the source of the rumor.
It's not clear how the alleged Touch ID fingerprint sensor would be implemented, as the Digital...
Apple's 5G iPhone is still on track to launch within the company's typical annual fall release schedule, according to a new Bloomberg report on filed on Monday.
Signs are that Apple's Chinese-centric manufacturing -- of which Hon Hai is the linchpin -- is slowly getting back on track. The next iPhones with 5G wireless capabilities remain on schedule to launch in the fall, partly because mass...
Apple plans to launch several Mac notebooks and desktop computers with its own custom designed Arm-based processors in 2021, analyst Ming-Chi Kuo said today in a research note obtained by MacRumors.
Kuo believes that Arm-based processors will significantly enhance the competitive advantage of the Mac lineup, allow Apple to refresh its Mac models without relying on Intel's processor roadmap,...
After last week's flurry of product launches, Apple's new iPad Pro and MacBook Air have started to make their way into consumers' hands, and we've gone hands-on with both of them this week. Apple this week also released iOS and iPadOS 13.4 (as well as macOS, watchOS, and tvOS updates) with a number of new features and improvements.
Subscribe to the MacRumors YouTube channel for more videos. ...
Woot is back today with a big sale on refurbished iPhones, including markdowns on the iPhone 7, iPhone 7 Plus, iPhone 8, iPhone 8 Plus, iPhone X, iPhone XR, iPhone XS, and iPhone XS Max.
Note: MacRumors is an affiliate partner with Woot. When you click a link and make a purchase, we may receive a small payment, which helps us keep the site running.
As with every Woot purchase, those...
Apple today released ProRes RAW for Windows in a beta capacity (via Mark Gurman), with the software designed to allow ProRes RAW and ProRes RAW HQ video files to be watched in compatible applications on Windows machines. According to Apple, the software will let the files be played within several Adobe apps: Adobe After Effects (Beta) Adobe Media Encocder (Beta) Adobe Premiere...
Top Rated Comments
(View all)
The way I am reading this, is that it eliminates the push from Google and handles everything locally. When you attempt to sign-in, Chrome will check for the presence of your trusted device (iPhone) via local Bluetooth and prompt you directly. This, in theory, eliminates any chance for a bad actor intercepting the internet based push notification.Can someone explain the functional difference between the 'Google'-app I have on my iPhone, which prompts me to verify it's me whenever I login to any Google-services?
The way I am reading this, is that it eliminates the push from Google and handles everything locally. When you attempt to sign-in, Chrome will check for the presence of your trusted device (iPhone) via local Bluetooth and prompt you directly. This, in theory, eliminates any chance for a bad actor intercepting the internet based push notification.
You would think that is incredibly hard already to crack/spoof an Apple push notification from the Google app itself; far more than SMS. I dont know that this new way offers much more to the average person. In a very high security environment using Goole Apps (not sure why you would do that to begin with then, but ok) I guess.
Its also unclear how not needing an internet connection would help if you are logging into Google which requires internet. That argument doesnt make a ton of sense obviously.
Not knocking more options, its just a bit unclear the differences between this and using the Google app to authenticate 2FA.
Okay, that's something I can understand, but still strange that there is not a single reference to the current solution through the Google app...The way I am reading this, is that it eliminates the push from Google and handles everything locally. When you attempt to sign-in, Chrome will check for the presence of your trusted device (iPhone) via local Bluetooth and prompt you directly. This, in theory, eliminates any chance for a bad actor intercepting the internet based push notification.