Apple now lets you protect your Apple ID and iCloud account with hardware security keys, a significant upgrade for those who want maximum protection from hackers, identity thieves, or snoops.
Hardware security keys are small physical devices that communicate with USB or Lightning ports or with NFC wireless data connections when you’re logging on to a device or in to an account. Because you must have keys in your possession to use them, they’re effective at thwarting hackers trying to reach your account remotely.
Support for the keys arrived Monday with iOS 16.3 and MacOS 13.2, and on Tuesday, Apple published details on how to use security keys with iPhones, iPads and Macs. The company requires you to set up at least two keys.
Apple has been working to tighten security in recent months, stung by iPhone breaches involving NSO Group’s Pegasus spyware. Apple’s Advanced Data Protection option arrived in December, giving a stronger encryption option to data stored and synced with iCloud. And in September, Apple added an iPhone Lockdown Mode that includes new guardrails on how your phone works to thwart outside attacks.
A big caveat, though: Although hardware security keys and the Advanced Data Protection program lock down your account better, they also mean Apple can’t help you recover access.
“This feature is designed for users who, often due to their public profile, face concerted threats to their online accounts, such as celebrities, journalists, and members of government,” Apple said in a statement. “This takes our two-factor authentication even further, preventing even an advanced attacker from obtaining a user’s second factor in a phishing scam.”
Hardware security keys have been around for years, but the Fast Identity Online, or FIDO, group has helped standardize the technology and integrate its use with websites and apps. One big advantage on the web is they’re linked to specific websites, for example Facebook or Twitter, so they thwart phishing attacks that try to get you to log in to fake websites. They’re the foundation for Google’s Advanced Protection Program, too, for those who want maximum security.
You need to pick the right hardware security keys for your devices. To communicate with relatively new models of both Macs and iPhones, a key that supports USB-C and NFC is a good option. Apple requires you to have two keys, but it isn’t a bad idea to have more in case you lose them. A single key can be used to authenticate to many different devices and services, like your Apple, Google and Microsoft accounts.
Apple didn’t immediately respond to a request for comment.
Yubico, the top maker of hardware security keys, announced on Tuesday two new FIDO-certified YubiKey models in its Security Key Series suited for consumers. They both support NFC, but the $29 model has a USB-C connector and the $25 model has an older style USB-A connector.
Google, Microsoft, Apple and other allies are also working to support a different FIDO authentication technology called passkeys. Passkeys are designed to replace passwords altogether, and they don’t require hardware security keys.