AppleID Supports Hardware Keys - ThreatWire (Patreon)

By Shannon Morse 

This news is very much a PSA for anyone who uses iOS devices.  Apple released 16.3 last week, and that finally comes with support for hardware keys for your AppleID. Hardware keys have been supported for apps on iOS devices for a long time, but now you can also secure your AppleID with one, a major upgrade from traditional 2FA which sends you a 6 digit code to confirm before allowing you to log into your account.

Lately, we’ve seen lots of news about 2FA codes being stolen in phishing techniques, so this is a really positive upgrade.

In order to add this to your account - go into your Settings app, click on your name, Password and Security, then click Add Security Key. Follow the on screen directions to add your key.  Apple smartly requires that you add two security keys so if you lose one, you can still log in with your secondary one. This is important because Apple will not have any way to help you retrieve your account if you lose access. You can add up to 6 keys by the way, but that is probably overkill for most people. You’ll need to add 2 keys at minimum in order to set up hardware security. Once done, you’ll be asked to review devices you’re currently logged into, and remove any as necessary. And if you lose a key, you can always remove them by going to the same page in your Settings app.

Several keys work with AppleID including Google’s Titan, and Yubikeys, and newer Apple devices including Macs can support keys that have USB-C or NFC. While hardware keys are an upfront cost, the benefit of this additional security can save you tons down the line.

LINKS:

https://www.bleepingcomputer.com/news/apple/apple-ios-163-arrives-with-support-for-hardware-security-keys/

https://www.zdnet.com/article/what-is-security-keys-for-apple-id-and-why-does-it-matter/

https://www.cnet.com/tech/mobile/new-ios-login-tech-makes-it-super-hard-to-hack-your-icloud/