Apple now lets you protect your Apple ID and iCloud account with hardware security keys, a significant improvement for those who want the ultimate protection against hackers, identity thieves, or snoopers.
Hardware security keys are small physical devices that communicate with USB or Lightning ports or NFC wireless data connections when you sign in to a device or sign in to an account. Because you must have keys in your possession to use them, they are effective in thwarting hackers trying to access your account remotely. And they won’t work on fake login sites, so they can thwart phishing attacks that try to trick you into entering your password on a fake website.
Support for keys arrived on Monday with iOS 16.3 and MacOS 13.2, and on Tuesday, Apple released details on how to use security keys with iPhone, iPad, and Mac. The company requires you to set up at least two dongles.
Apple has been working to tighten security in recent months, affected by iPhone breaches involving NSO Group’s Pegasus Spyware. Apple’s Advanced Data Protection Option It arrived in December, providing a stronger encryption option for data stored in and synced with iCloud. And in September, Apple added a iPhone lock mode that includes new security measures for how your phone works to thwart outside attacks.
One big caveat, though: While hardware security keys and Advanced Data Protection Program lock your account better, they also mean Apple can’t help you regain access.
“This feature is designed for users who, often because of their public profile, face concerted threats to their online accounts, such as celebrities, journalists, and members of the government.” apple said in a sentence. “This takes our two-factor authentication even further, preventing even an advanced attacker from gaining the second factor of a user in a phishing scam.”
Industry tightens login security
The technology is part of a tightening of authentication procedures across the industry. Thousands of data breaches have exposed the weaknesses of traditional passwords and Hackers can now thwart common two-factor authentication technologies such as security codes sent by text message. Hardware security keys and another approach called access keys offer peace of mind even when dealing with serious attacks like hackers who get access to LastPass customers’ password manager files.
Hardware security keys have been around for years, but the Fast Online Identity, or FIDO, the group helped standardize the technology and integrate its use with websites and applications. A big advantage on the web is that they are linked to specific websites, for example Facebook or Twitter, thus thwarting phishing attacks that try to get you to log in to fake websites. are the basis for Google Advanced Protection ProgramAlso, for those who want maximum security.
Apple added hardware security key support to iOS 16.2 and MacOS 13.2.
Screenshot by Stephen Shankland/CNET
You must choose the appropriate hardware security keys for your devices. To communicate with relatively newer Macs and iPhones, a USB-C and NFC-compatible dongle is a good choice. Apple requires you to have two keys, but it’s not a bad idea to have more in case you lose them. A single key can be used to authenticate to many different devices and services, such as your Apple, Google, and Microsoft accounts.
Yubico, the leading manufacturer of hardware security keysannounced Tuesday two new FIDO certified YubiKey models in its Security Key Series suitable for consumers. Both support NFC, but the $29 model has a USB-C connector and the $25 model has an older-style USB-A connector.
Google, Microsoft, Apple, and other partners are also working to support a different FIDO authentication technology called passkeys. Passkeys are designed to replace passwords together, and do not require hardware security keys.
