The new iOS option makes it super difficult for someone to hack your iCloud
Apple now lets you protect your Apple ID and iCloud account with hardware security keys, a significant upgrade for those who want maximum protection from hackers, identity thieves, or snoopers.
Hardware security keys are small physical devices that communicate with USB or Lightning connectors, or with NFC wireless data connections when you sign in to a device or account. Since you must have keys in your possession to use them, they are effective in thwarting hackers trying to get into your account remotely.
Support for the keys came with iOS 16.3 and macOS 13.2 on Monday, and on Tuesday Apple released details on using security keys with iPhones, iPads and Macs. The company requires you to set up at least two keys.
Apple has been working to tighten security over the past few months, which has been marred by iPhone breaches involving NSO Group’s Pegasus spyware. Apple’s Advanced Data Protection option arrived in December and offers a stronger encryption option for data stored and synced with iCloud. And in September, Apple added an iPhone lock mode that includes new guard rails for how your phone works to thwart outside attacks.
One big caveat: while hardware security keys and the Advanced Data Protection program do a better job of locking down your account, they also mean Apple can’t help you regain access.
“This feature is designed for users who often face concerted threats to their online accounts because of their public profile, such as celebrities, journalists and government officials,” Apple said in a statement. “This takes our two-factor authentication even further and prevents even an advanced attacker from getting a user’s second factor in a phishing scam.”
Hardware security keys have been around for years, but the Fast Identity Online or FIDO group has helped standardize the technology and integrate its use with websites and apps. A major advantage on the web is that they are linked to specific websites, such as Facebook or Twitter, so they thwart phishing attacks that try to trick you into signing up on fake websites. They also form the basis of Google’s Advanced Protection Program for those who want maximum security.
Apple added hardware security key support to iOS 16.2 and macOS 13.2.
Screenshot by Stephen Shankland/CNET
You must select the correct hardware security keys for your devices. To communicate with relatively new models of Macs and iPhones, a key that supports USB-C and NFC is a good option. Apple requires you to have two keys, but it’s not a bad idea to have more in case you lose them. A single key can be used to authenticate to many different devices and services such as your Apple, Google and Microsoft accounts.
Apple did not immediately respond to a request for comment.
Yubico, the leading manufacturer of hardware security keys, on Tuesday announced two new FIDO-certified YubiKey models in its line of consumer-grade security keys. Both support NFC, but the $29 model has a USB-C port and the $25 model has a legacy USB-A port.
Google, Microsoft, Apple and other allies are also working to support another FIDO authentication technology called Passkeys. Passkeys are designed to completely replace passwords and they do not require hardware security keys.