With the increased adoption of 2FA for online accounts we have seen Google jump into the mix offering their Titan security keys through the Google Cloud division. Making use of the FIDO standard, the Titan package gives you two keys that provide the option to use standard USB, NFC, and Bluetooth connections for verifying your second factor. While USB and NFC work pretty well using Chrome on the desktop and Android devices, there is an outspoken wave of anger in setting up the Bluetooth key on iOS devices as many people are discovering that they can’t get their keys to pair with their iOS device. Many searches for solutions to this problem yield blogs just parrotting the official Google documentation back at you. Through many hours of trial and error, we’ve discovered how to get your key set up and paired correctly the first time (we hope).
You’re going to start off by removing the account you wish to secure from your iOS device. In a perfect world you would already have your Titan keys in hand before signing in on your iPhone or iPad, but we’re 99% sure you’ve already added your account to your device. You have likely already also been using the Smart Lock app for iOS, so removing your account on iOS is as simple as just deleting it from Smart Lock. Now that you have removed your account you can proceed to add it back and pair your key.
Your second step after removing the account from your device is to open your account security dashboard on the desktop and click on 2-Step Verification in the Password & sign-in method box. (Note that we’re assuming you already have 2FA turned on for your account. If you have not yet turned on 2FA, do so now and opt to use Google Authenticator codes as your second factor.) From here you’re going to go all the way to the bottom and look for the Devices you Trust section and hit the Revoke All button. Yes, this is the key step and no, you cannot revoke just a single device. From this point on you will need to re-authenticate every single device using your 2FA method. This is the step that is left off the Google documentation.
Now that you’ve revoked all trusted devices, add your key to your account (if you have not already done so) by connecting it via the included USB cable. The Google documentation outlines this pretty well.
At this point you have a device with no account added, you have revoked all trusted devices, you have 2FA turned on and you have added your Bluetooth key to your account. We can now finally add our account to the device. Open the Google Smart Lock app on your iOS device and either Sign In or add a new account. You will be prompted for the username and password, and once given you will now be asked to pair your Titan key. Follow the instructions on-screen to complete, which are roughly:
- Tap key button to initiate pairing
- Hold down key button for 5s to put key in pairing mode
- Choose bluetooth device listed (key should be only device)
- Read the 6 digit number off the back of the key and input into the prompt
Your Titan Bluetooth key should now be paired to your device. If at any point in time you prompted for a 2FA challenge on this same iOS device, you should be able to hit the button on your bluetooth key and be verified.
Some things to keep in mind:
- Your bluetooth key can still be used on the desktop when your account asks for a 2FA challenge - just plug it in via the USB cord and hit the button. It does not transmit to a desktop device via bluetooth.
- You still need to add the second USB/NFC key to your account if you want to use it. The NFC and bluetooth keys are not interchangable if you have only added one of them to your account. Both need to be added if you intend to use both (you should add them both) as they contain different cryptographic keys.
- Now that you have added your bluetooth key to your device, remember that you also need to answer a 2FA challenge on all your other devices as well (remember when we revoked all trusted devices?). It’s a good time to re-auth your browser sessions and other devices while you have your key handy.