Apple now lets you protect your Apple ID and iCloud account with hardware security keys, a significant upgrade for those who want maximum protection from hackers, identity thieves, or snoops.
Hardware security keys are small physical devices When you sign in to a device or account through USB or Lightning ports or NFC wireless data connections. Since you need to have the keys to use them, they are useful in preventing hackers from trying to access your account remotely. And they don’t work on fake login sites, so you can prevent phishing attacks that fool you into typing your password on fake websites.
Support for keys arrived with iOS 16.3 and macOS 13.2 on Monday and Tuesday. Apple has released details on how to use Security Keys With iPhones, iPads and Macs. The company requires you to set at least two keys.
Apple, plagued by iPhone breaches, has been working to tighten security in recent months Pegasus Spyware by NSO Group. Apple’s Advanced Data Protection option Arriving in December, it offers a strong encryption option for data stored and synced with iCloud. And in September, Apple added one iPhone Lock Mode This includes new security rules for how your phone works to thwart external attacks.
One big caveat, though: Although hardware security keys and the Advanced Data Protection Program lock down your account better, they also mean that Apple can’t help you regain access.
“This feature is designed for users who face integrated threats to their online accounts, often because of their public profile, such as celebrities, journalists and members of government.” Apple said In a statement. “This takes our two-factor authentication even further, preventing even an advanced attacker from obtaining a user’s second factor in a phishing scam.”
Industry tightens login security
The technology is part of a tightening of authentication procedures across the industry. Thousands of data breaches have shown the weaknesses of traditional passwords Hackers can now bypass common two-factor authentication technologies Such as security codes sent via text message. Another approach called hardware security keys and Passwords Provides peace of mind even for severe attacks like those received by hackers Access to LastPass customers’ password manager files.
Hardware security keys have been around for years, but Fast Identification Online, or FIDO, the team helped standardize the technology and integrate its use with websites and apps. A big advantage on the Internet is that they are linked to specific websites, for example, Facebook or Twitter, so they prevent phishing attacks that make you log in to fake websites. They are the foundation Google’s Advanced Security ProgramAlso, for those who want maximum protection.
Apple added hardware security key support to iOS 16.2 and MacOS 13.2.
Screenshot by Stephen Shankland/CNET
You must select the correct hardware security keys for your devices. A key that supports USB-C and NFC is a good way to communicate with relatively new models of both Macs and iPhones. Apple requires you to have two keys, but it’s not a bad idea to have more in case you lose them. You can use a single key to authenticate different devices and services, such as your Apple, Google, and Microsoft accounts.
Yubico is a leading producer of hardware security keysannounced on Tuesday Two new FIDO-certified YubiKey models Its security key series is suitable for consumers. They both support NFC, but the $29 model has a USB-C connector and the $25 model has an older-style USB-A connector.
Google, Microsoft, Apple and other partners are also working to support a different FIDO authentication technology called passkeys. Passwords are designed to replace passwords Overall, they don’t require hardware security keys.
“Friend of animals everywhere. Devoted analyst. Total alcohol scholar. Infuriatingly humble food trailblazer.”