
Apple now allows you to protect your Apple ID and iCloud account with hardware security keys, which is a significant improvement for those who want maximum protection from hackers, identity thieves or snoopers.

Hardware security keys are small physical devices that communicate over USB or Lightning ports or NFC wireless data connections when you sign in to a device or account. Because you must have the keys in hand to use them, they effectively prevent hackers from accessing your account remotely. And they won't work on fake login sites, so they can thwart phishing attacks that try to trick you into entering your password on fake sites.

Key support became available Monday with iOS 16.3 and MacOS 13.2, and on Tuesday Apple released details about using security keys with iPhone, iPad, and Mac. The company requires you to set up at least two keys.

In recent months, Apple has been working to tighten security in the wake of iPhone breaches by NSO Group's Pegasus spyware. Apple's Advanced Data Protection option arrived in December, giving a stronger encryption option for data stored and synced with iCloud. And in September, Apple added an iPhone Lockdown Mode, which includes new guardrails on how your phone works to prevent external attacks.

However, a big warning: while hardware security keys and Advanced Data Protection do a better job of locking down your account, they also mean Apple can't help you regain access.

“This feature is designed for users who often face coordinated threats to their online accounts due to their public profile, such as celebrities, journalists, and members of the government,” Apple said in a statement. “This takes our two-factor authentication even further, preventing even an advanced attacker from obtaining the user’s second factor in a phishing scam.”

Industry tightens access security

The technology is part of an industry-wide tightening of authentication procedures. Thousands of data breaches have exposed weaknesses in traditional passwords, and hackers can now defeat common two-factor authentication technologies, such as security codes sent via text messages. Hardware security keys and another approach called passkeys give peace of mind even against serious attacks like hackers accessing LastPass customers' password manager files.

Hardware security keys have been around for years, but the Fast Identity Online, or FIDO, group has helped standardize the technology and integrate its use with websites and apps. One of their big advantages on the web is that they are linked to specific sites, such as Facebook or Twitter, so they thwart phishing attacks that try to get you to log into fake sites. They are also the basis of Google's Advanced Protection program for those who want maximum security.
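The site linking described above shows up in the checks a WebAuthn (FIDO2) relying party runs on every sign-in. The sketch below is an added example, not code from the article or from Apple: the origin, RP ID and sample assertions are constructed, `make_assertion` and `binding_failures` are hypothetical names, and the signature check that a real server also performs is left out.

```python
import base64
import hashlib
import hmac
import json
import struct

# Assumed values for illustration; a real site uses its own.
RP_ID = "example.com"
EXPECTED_ORIGIN = "https://accounts.example.com"


def b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def make_assertion(origin, rp_id, challenge):
    """Constructed sample: what the browser and key report for a sign-in on `origin`."""
    client_data = json.dumps(
        {"type": "webauthn.get", "challenge": b64url(challenge), "origin": origin}
    ).encode()
    # authenticatorData = SHA-256(rpId) || flags (0x01 = user present) || signCount
    auth_data = hashlib.sha256(rp_id.encode()).digest() + struct.pack(">BI", 0x01, 7)
    return client_data, auth_data


def binding_failures(client_data_json, authenticator_data, issued_challenge):
    """Return the names of failed site-binding checks; an empty list means all passed."""
    failures = []
    client = json.loads(client_data_json)
    if client.get("type") != "webauthn.get":
        failures.append("type")
    # The browser, not the page's script, fills in the origin it actually loaded.
    if client.get("origin") != EXPECTED_ORIGIN:
        failures.append("origin")
    # The challenge must be the one this server issued for this login attempt.
    if client.get("challenge") != b64url(issued_challenge):
        failures.append("challenge")
    if len(authenticator_data) < 37:
        return failures + ["authenticator_data"]
    expected_hash = hashlib.sha256(RP_ID.encode()).digest()
    if not hmac.compare_digest(authenticator_data[:32], expected_hash):
        failures.append("rp_id_hash")
    if not authenticator_data[32] & 0x01:
        failures.append("user_presence")
    return failures
```

A response produced on a look-alike site carries that site's origin and RP ID hash, so the real service rejects it even if the user was fooled by the page.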

Apple added support for hardware security keys to iOS 16.2 and MacOS 13.2.

Screenshot: Stephen Shankland/CNET

You must select the right hardware security keys for your devices. For communication with both Macs and relatively new iPhone models, a USB-C and NFC-enabled dongle is a good option. Apple requires you to have two keys, but it's not a bad idea to have more in case you lose them. One key can be used to authenticate to many different devices and services, such as your Apple, Google, and Microsoft accounts.

Yubico, the best manufacturer of hardware security keys, on Tuesday announced two new FIDO-certified YubiKey models in its line of consumer-friendly Security Keys. They both support NFC, but the $29 model has a USB-C connector and the $25 model has an older-style USB-A connector.

Google, Microsoft, Apple and other allies are also working to support a different FIDO authentication technology called passkeys. Passkeys are intended to replace passwords altogether, and they do not require hardware security keys.

