With Google accounts increasingly holding all kinds of information about our lives, it is becoming increasingly necessary to protect them in every way possible. The Mountain View giant lets you use two-factor authentication with physical keys or, more conveniently, with Android smartphones; this second option, however, was so far only available on macOS, Windows, and Chrome. Now it's coming to iOS.
Google has developed a new protocol, based on Bluetooth technology and within the FIDO2 standard, which creates a communication network between the Android smartphone and the iPhone / iPad. As a result, when you try to sign in to your Google account on an iOS device, the process will only complete if you authenticate that attempt on your Android smartphone.
This is a safer login method for a number of reasons. First, attackers must have possession of your Android smartphone to access your account (and you can deauthorize a device immediately if it is lost or stolen). Also, as only verified sites and services can use the Smart key, you do not risk giving your login credentials to a malicious or infected page.
To use the feature, you need to have a smartphone running Android 7.0 Nougat (or higher) already signed in to your Google account. Next, you'll need to go to Google's 2-step verification page and add your smartphone as a valid security key. Finally, simply download the Google Smart Lock app on your iOS device and sign in with your Google account, authenticating the operation on your Android smartphone. More information about the process can be read here.
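The protection against malicious pages described above comes from FIDO2/WebAuthn tying each sign-in to the site's origin. The following is an added example, not Google's code or part of the original article, of the binding checks a relying party runs on a sign-in assertion; the domain names and helper functions are constructed, and verification of the signature over these bytes is assumed to happen separately.

```python
import base64, hashlib, json, os

RP_ID = "accounts.example.com"                  # constructed relying-party ID
EXPECTED_ORIGIN = "https://accounts.example.com"

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def browser_client_data(origin: str, challenge: bytes) -> bytes:
    """clientDataJSON is built by the browser, not the page, so origin is the real one."""
    return json.dumps({"type": "webauthn.get", "challenge": b64url(challenge),
                       "origin": origin}).encode()

def authenticator_data(rp_id: str) -> bytes:
    """Minimal authenticator data: rpIdHash (32) | flags (1) | signCount (4)."""
    flags = bytes([0x01 | 0x04])                # user present | user verified
    return hashlib.sha256(rp_id.encode()).digest() + flags + (1).to_bytes(4, "big")

def check_assertion(client_data: bytes, auth_data: bytes, challenge: bytes) -> list:
    """Return the names of the binding checks that failed (empty list = pass)."""
    failures = []
    cd = json.loads(client_data)
    if cd.get("type") != "webauthn.get":
        failures.append("type")
    if cd.get("challenge") != b64url(challenge):    # must be the challenge we issued
        failures.append("challenge")
    if cd.get("origin") != EXPECTED_ORIGIN:         # exact match, no prefix matching
        failures.append("origin")
    if auth_data[:32] != hashlib.sha256(RP_ID.encode()).digest():
        failures.append("rpIdHash")
    if len(auth_data) < 37 or not auth_data[32] & 0x01:
        failures.append("user-presence")
    return failures

def demo():
    challenge = os.urandom(32)
    legit = check_assertion(browser_client_data(EXPECTED_ORIGIN, challenge),
                            authenticator_data(RP_ID), challenge)
    # A look-alike page can relay the real challenge, but the browser records that
    # page's own origin and the authenticator hashes the RP ID it was asked for.
    phish = check_assertion(browser_client_data("https://login.phish.example", challenge),
                            authenticator_data("login.phish.example"), challenge)
    # An assertion captured earlier does not match a freshly issued challenge.
    replay = check_assertion(browser_client_data(EXPECTED_ORIGIN, challenge),
                             authenticator_data(RP_ID), os.urandom(32))
    return legit, phish, replay

if __name__ == "__main__":
    print(demo())
```

Unlike a password or a typed one-time code, the response produced on the look-alike page is useless at the real site, because the origin and RP ID hash it carries do not match.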
Sign in with Apple
Still on the subject of logins and authentication, it is worth commenting on this interview given by Google's managing director of products, Mark Risher, to The Verge, or more specifically, the part where he comments on the new “Sign in with Apple” feature for iOS devices.
The executive began by answering Apple's accusations that the login button offered by Google was insecure and shared information with third parties against the user's wishes:
I take the blame for the fact that we never quite articulated what happens when you hit that "Sign in with your Google Account" button. A lot of people don't understand, and some competitors took it the wrong way. Maybe you click that button and it notifies all your friends that you have signed in to a very embarrassing site. So the fact that I have someone (Apple) reinvigorating this field and explaining what that means and what happens is beneficial, but we have had a lot of hints around this release suggesting that one is the safe option and all the others are corrupt, which is obviously not to my taste.
He also explained how the Google tool works and took the opportunity to take a slight dig at how “Sign in with Apple” operates, suggesting that it is more invasive than Apple says:
We record only the moment of authentication. (The process) is not used for any type of tracking. Not used for any advertising. Not distributed anywhere. And it exists in part for user control, so that they can come back and see what happened. We have a page, part of our checkup, which says “Here are all apps connected, you can disconnect them now.” This new product (the “Sign in with Apple”), I don't know how it is built, but it seems that it records the login time and also all the emails that the service sends, which sounds much more invasive. But let's look at the details of this.
Risher then reiterated that Apple's technology benefits the internet and makes people “much, much safer”:
Even if users are clicking on our competitors' button when logging in to websites, this is still much better than entering a recycled username and password, or more commonly, a recycled username and password.
Makes sense, doesn't it?