New iOS login technology makes it much harder to hack your iCloud account

Apple now lets you protect your Apple ID and iCloud account with hardware security keys, a significant improvement for those who want the ultimate protection against hackers, identity thieves, or snoopers.

Hardware security keys are small physical devices When you sign in to a device or account through USB or Lightning ports or NFC wireless data connections. Since you need to have the keys to use them, they are useful to prevent hackers from trying to access your account remotely. And they don’t work on fake login sites, so you can avoid phishing attacks that trick you into entering your password on fake websites.

Support for keys arrived with iOS 16.3 and macOS 13.2 on Monday and Tuesday. Apple has released details on how to use security keys with iPhones, iPads, and Macs. The company requires that you set up at least two keys.

Apple, plagued by iPhone leaks, has been working to tighten security in recent months. NSO Group Pegasus Spyware. Apple’s Advanced Data Protection Option Coming in December, it offers a strong encryption option for data stored in and synced with iCloud. And in September, Apple added one iPhone lock mode This includes new security rules for how your phone works to thwart outside attacks.

One big caveat, though: While hardware security keys and the Advanced Data Protection Program lock your account better, they also mean Apple can’t help you regain access.

“This feature is designed for users who face threats embedded in their online accounts, often due to their public profile, such as celebrities, journalists, and members of the government.” Apple said in a statement. “This takes our two-factor authentication even further, preventing even an advanced attacker from gaining the second factor of a user in a phishing scam.”

Industry tightens login security

The technology is part of a tightening of authentication procedures across the industry. Thousands of data breaches have exposed the weaknesses of traditional passwords. Hackers can now bypass common two-factor authentication technologies, such as security codes sent by text message. Another approach called hardware security keys and passwords Provides peace of mind even in the event of serious attacks such as those received by hackers Access to the password manager files of LastPass customers.

Hardware security keys have been around for years, but the Fast Identification Online, or FIDO, team helped standardize the technology and integrate its use with websites and apps. A big advantage over the Internet is that they are linked to specific websites, for example Facebook or Twitter, so they prevent phishing attacks that make you log into fake websites. They are the basis of Google’s Advanced Security Program, also for those who want maximum protection.

Apple added hardware security key support to iOS 16.2 and MacOS 13.2.

Screenshot by Stephen Shankland/CNET

You must select the correct hardware security keys for your devices. A USB-C and NFC-compatible dongle is a good way to communicate with relatively new models of Macs and iPhones. Apple requires you to have two keys, but it’s not a bad idea to have more in case you lose them. You can use a single key to authenticate different devices and services, such as your Apple, Google, and Microsoft accounts.

Yubico is a leading producer of hardware security keysannounced two new FIDO-certified YubiKey models on Tuesday. Its security key series is easy to use. Both support NFC, but the $29 model has a USB-C connector and the $25 model has an older-style USB-A connector.

Google, Microsoft, Apple, and other partners are also working to support a different FIDO authentication technology called access keys. Passkeys are designed to replace passwords In general, they do not require hardware security keys.

Leave a Comment