Apple now lets you protect your Apple ID and iCloud account with Hardware Security Keys, a physical sign-in technology that offers maximum protection against hackers, identity thieves, and snoopers.
Hardware security keys are small physical devices that communicate with USB or Lightning ports or NFC wireless data connections when you sign in to a device or sign in to an account. You must have keys in your possession to use them, so they are effective in thwarting hackers trying to access your account remotely. And because they won’t work on fake login sites, they can thwart phishing attacks that try to trick you into entering your password on a fake website.
Support for keys arrived on Monday with iOS 16.3 and MacOS 13.2, and on Tuesday Apple released details about how to use security keys with iPhone, iPad and Mac. The company requires you to set up at least two keys.
The move follows hardware security key support from other tech companies, including Google, Microsoft, Twitter and Facebook parent company Meta.
Apple has been working to tighten security in recent months, affected by iPhone breaches involving NSO Group’s Pegasus Spyware. Apple’s Advanced Data Protection Option It arrived in December, providing a stronger encryption option for data stored in and synced with iCloud. And in September, Apple added a iPhone lock mode that includes new security measures for how your phone works to thwart outside attacks.
One big caveat, though: While hardware security keys and Advanced Data Protection Program lock your account better, they also mean Apple can’t help you regain access.
“This feature is designed for users who, often because of their public profile, face concerted threats to their online accounts, such as celebrities, journalists, and members of the government,” Apple said in a statement. “This takes our two-factor authentication even further, preventing even an advanced attacker from gaining the second factor of a user in a phishing scam.”
Industry tightens login security
The technology is part of a tightening of authentication procedures across the industry. Thousands of data breaches have exposed the weaknesses of traditional passwords and hackers can now thwart common two-factor authentication technologies such as security codes sent by text message. Hardware security keys and another approach called passkeys offer peace of mind even when dealing with serious attacks like hackers who get access to LastPass customers’ password manager files.
Hardware security keys have been around for years, but the Fast Identity Online, or FIDO, group has helped standardize the technology and integrate its use with websites and apps. A big advantage on the web is that they are linked to specific websites, for example Facebook or Twitter, thus thwarting phishing attacks that try to get you to log in to fake websites. They are also the foundation of Google’s Advanced Protection Program, for those who want maximum security.
MacOS and iOS allow you to protect your iCloud account and Apple ID with hardware security keys.
Screenshot by Stephen Shankland/CNET
You must choose the appropriate hardware security keys for your devices. To communicate with relatively newer Macs and iPhones, a USB-C and NFC-compatible dongle is a good choice. Apple requires you to have two keys, but it’s not a bad idea to have more in case you lose them. A single key can be used to authenticate to many different devices and services, such as your Apple, Google, and Microsoft accounts.
Yubico, the leading manufacturer of hardware security keys, announced two new FIDO-certified YubiKey models in its series of consumer-friendly security keys on Tuesday. Both support NFC, but the $29 model has a USB-C connector and the $25 model has an older-style USB-A connector.
Google, Microsoft, Apple, and other partners are also working to support a different FIDO authentication technology called passkeys. Passkeys are designed to replace passwords together, and do not require hardware security keys.
#iOS #technology #difficult #hack #iCloud #login