Apple now allows you to protect your Apple ID and iCloud account with a hardware security key, a physical login technology that provides maximum protection from hackers, snooping, and identity theft.
Hardware security keys are small physical devices that communicate over a USB or Lightning port or an NFC wireless data connection when you sign in to a device or account. You must have the keys to use them, so they are an effective deterrent to hackers trying to access your account remotely. Since they won’t work on fake login sites, they can block phishing attacks that try to trick you into entering your password on fake sites.
On Monday, iOS 16.3 and macOS 13.2 began supporting the keys, and on Tuesday, Apple released details on how to use security keys on iPhones, iPads, and Macs. The company requires you to set up at least two keys.
The move comes after other tech companies, such as Google, Microsoft, Twitter and Facebook parent Meta, offered support for hardware security keys. Security keys are the “gold standard” for multi-factor authentication, according to the US Cybersecurity and Infrastructure Security Agency (CISA).
Apple has been working to beef up security in recent months after being hit by a breach of iPhones involving NSO Group’s Pegasus spyware. Apple’s Advanced Data Protection option, launched in December, provides stronger encryption for data stored and synced with iCloud. In September, Apple added an iPhone lock pattern that includes new defenses in how your phone blocks outside attacks.
An important caveat, though: While hardware security keys and advanced data protection programs can do a better job of locking down your accounts, they also mean Apple can’t help you restore access.
“This feature is designed for users who often face common threats to their online accounts due to their public image, such as celebrities, journalists, and members of government,” Apple said in a statement. “This takes our two-factor authentication a step further, and could even prevent advanced attackers from obtaining a user’s second factor in phishing scams.”
Industry strengthens login security
The technology is part of an industry-wide effort to strengthen authentication. Thousands of data breaches have revealed the weakness of traditional passwords, and hackers can now defeat common two-factor authentication techniques, for example security codes sent by SMS. Hardware security keys and another type of technology called passkeys offer peace of mind even in the face of serious attacks, such as hackers accessing the password manager files of LastPass customers.
Hardware security keys have been around for years, but the Fast Identity Online (FIDO) Alliance has helped standardize the technology and integrate it with website and app usage. One of their big advantages on the web is that they are linked to specific sites, such as Facebook or Twitter, so they can block phishing attacks that try to get you to log in to a fake site. They’re also the foundation of Google’s Advanced Protection program for those who need maximum security.

MacOS and iOS let you protect your iCloud account and Apple ID with a hardware security key.
Screenshot by Stephen Shankland/CNET
You need to choose the correct hardware security key for your device. For communicating with relatively new Mac and iPhone models, a key that supports USB-C and NFC is a good option. Apple requires you to have two keys, but it’s not a bad idea to have more in case you lose them. A single key can be used to authenticate many different devices and services, such as your Apple, Google, and Microsoft accounts.
Yubico, the top manufacturer of hardware security keys, announced on Tuesday two new FIDO-certified YubiKey models in its line of security keys for consumers. They both support NFC, but the $29 model has a USB-C connector, and the $25 model has an older USB-A connector.
The number of Americans affected by data breaches was 42% higher in 2022 than in 2021, the Identity Theft Resource Center said in January. For some advice on online safety, check out my colleague Bree Fowler’s tips for improving your online privacy.
Passkeys and security keys are better than passwords
Google, Microsoft, Apple and other allies are also working to support a different FIDO authentication technology called passkeys. Passkeys aim to replace passwords altogether, and they don’t require a hardware security key.
Passkeys and security keys are complementary, Andrew Shikiar, executive director of the FIDO Alliance, said Wednesday in a speech at a conference on online identity issues. Both are a big improvement over using passwords alone or in combination with login codes sent via text message or retrieved from authenticator apps, he said.
“We need to fundamentally change the way people authenticate, from something that is inherently knowledge-based — something you know, something on a server, something in your head, something you type and transmit across the network — to something that’s inherently more based on possession,” Shikiar said of the coalition’s push to move away from passwords and login codes.
With FIDO technology like a passkey or security key, the authentication process takes place right where you are, such as with passkey biometrics or hardware security key possession, so it’s harder for remote attackers to compromise.