Secure your Google account by turning your iPhone into a physical key

Protecting your Google account from hackers is now possible by turning your iPhone into a security key.

Jason Cipriani Contributing Writer, ZDNet
Jason Cipriani is based out of beautiful Colorado and has been covering mobile technology news and reviewing the latest gadgets for the last six years. His work can also be found on sister site CNET in the How To section, as well as across several more online publications.
Jason Cipriani
4 min read

Google's Smart Lock app now turns your iPhone into a security key for your account. 

Jason Cipriani/CNET

Hopefully, you're protecting the personal information stored in your Google account -- like your passwords and email, location, search history and a record of your purchases -- using two-factor authentication (2FA). This system is a good second layer of protection to guard against hackers, but it also makes you go through an extra process to retrieve and enter a six-digit code that proves you're really you. Now Google builds off 2FA and makes it possible to skip the acts pf generating and typing in your two-factor code by turning your iPhone into a security key using Google's Smart Lock app for iPhone.

Google's free app promises to be faster and more convenient because it bypasses the need to type a code just by having your phone around. It's like you're preapproved every time. Making your iPhone into a hardware key also solves one concerning problem in the the rise of SIM-swap fraud, in which a hacker takes advantage of one popular type of 2FA, the code sent by text messages, to pry into your accounts.

We're going to go over how to set up Smart Lock on your iPhone, but first, there are a few things to know. The first is that this system makes it harder for remote hackers to gain access to your Google account, but not necessarily every aspect of your online life. The second is that Smart Lock uses a combination of Bluetooth and notifications to work, so it's essential that you're in range and that your phone is powered on. The third is that Smart Lock for iPhone will help make it easier to use Google services on your iPhone, but also on your laptop, especially if you use the Chrome browser.

Here's how you can use Smart Lock to add another layer of protection to your Google account. 

The entire process takes just a few seconds. 

Google, Inc.

Get Smart Lock on your iPhone

Before you start with Smart Lock on your iPhone and Google account, make sure you have two-factor authentication turned on (here's how) and set up in Google Authenticator or, even better, a password managing app. I use 1Password, but we have a roundup of the best password managers for you to choose from. 

With your Google account now protected by two-factor authentication, install the Google Smart Lock app from the App Store on your iPhone

When that's done, open the app and sign into your Google account, then follow the prompts. You'll be asked to select the Google account you want to use, approve Bluetooth access and notification permission, and finally, approve adding your iPhone as a security key. 

Sign in using Smart Lock with Chrome

Using your iPhone as a physical security key means that having it nearby also signs you and authenticates you into your Google account on your laptop, not just on the iPhone itself. But, be aware that Smart Lock's automatic sign in will currently only work within the Chrome browser on your laptop. Signing into your Gmail account in an app or another browser like Safari won't work. Don't worry, you can still sign in to your Google account, but it requires an extra step or two (more on this below). 

Logging into Chrome on your computer, phone or tablet is a breeze, however, as long as your iPhone is nearby. Remember, the Smart Lock feature is using Bluetooth to verify your identity, so your phone needs to be within range. Whenever you visit a Google site like Gmail or Google Docs and are asked to sign in, enter your email address and password as you normally would. 

Instead of being asked to enter your 2FA code, a prompt will show up letting you know a notification was sent to your phone. Tap on the notification on your phone, approve the login, and you'll magically be granted access to your account. 


You aren't locked out of your account if you need to use it outside of Chrome. 

Screenshot by Jason Cipriani/CNET

Sign in using Smart Lock outside of Chrome

If you need to log into another app or service that lives outside of Chrome, you can still get to your Google account, for example, to sign into an app, website or service: 

  • Log in with your username and password.
  • When prompted to insert and activate your security key, click Cancel.
  • Click Try Another Way on the next screen.
  • Select an alternative option, such as using the Gmail app to approve the login, use your 2FA code from an app, or receive a text message.

Google Smart Lock will send an alert to your iPhone for you to approve the login. 

Jason Cipriani/CNET

If you want to go one step further in protecting your account, you can enroll in Google's Advanced Protection program, which is the most extreme option for securing your account. For example, Google recommends having two security keys, like an iPhone and a Titan Security Key -- a physical security key you have to carry with you at all times in case you need to sign into your account. Due to its tight control over your account, enrolling in Advanced Protection will break some apps and services that currently use your Google account.

For example, Google says that "most third-party apps that require access to your Gmail or Drive data, such as travel tracking apps, will no longer have permission." Google recommends its Advanced Protection program for "journalists, activists, business leaders, and political campaign teams." I would only recommend enrolling in the Advanced Protection to advanced users. With the added security protections that it brings, it would be easy to lock yourself out of your Google account forever. 

Using Google's new Smart Lock feature for your iPhone is only one step in securing your online accounts. It's worth repeating that you should be using two-factor authentication for any of your accounts that support it, and if it's offered, use app-based 2FA. Finally, make sure you secure your phone number to protect yourself from a SIM Swap attack.