New iOS login technology makes it super hard to hack your iCloud account

Apple now lets you protect your Apple ID and iCloud account with hardware security keys, a major upgrade for those who want maximum protection against hackers, identity thieves or snoops.

Hardware security keys are small physical devices that communicates with USB or Lightning ports or with NFC wireless data connections when you sign in to a device or account. Because you need to have keys in your possession to use them, they are effective in preventing hackers trying to access your account remotely. And they don’t work on fake login sites, so they can prevent phishing attacks that try to trick you into entering your password on a spoofed website.

Support for the keys arrived Monday with iOS 16.3 and MacOS 13.2, and on Tuesday Apple released details on how to use security keys with iPhones, iPads and Macs. The company requires you to set up at least two keys.

Apple has been working to tighten security in recent months, plagued by iPhone breaches involving NSO Group’s Pegasus spyware. Apple’s option for advanced data protection arrived in December, providing a stronger encryption option for data stored and synced with iCloud. And in September, Apple added one iPhone lock mode that includes new safeguards on how your phone works to prevent outside attacks.

A big caveat: While hardware security keys and the Advanced Data Protection program lock down your account better, they also mean Apple can’t help you regain access.

“This feature is designed for users who, due to their public profile, often face common threats to their online accounts, such as celebrities, journalists and members of the government,” Apple said in a statement. “This takes our two-factor authentication even further and prevents even a sophisticated attacker from obtaining a user’s second factor in a phishing scam.”

The industry tightens login security

The technology is part of an industry-wide tightening of authentication procedures. Thousands of data breaches have shown the weaknesses of traditional passwords, and hackers can now defeat common two-factor authentication technologies like security codes sent via SMS. Hardware security keys and another approach called access keys offer peace of mind even to serious attacks like hackers accessing LastPass customers’ password management files.

Hardware security keys have been around for years, but the Fast Identity Online, or FIDO, group has helped standardize the technology and integrate its use with websites and apps. A big advantage of the web is that they are linked to certain websites, for example Facebook or Twitter, so they prevent phishing attacks that try to get you to log into fake websites. They are also the basis of Google’s advanced protection program for those who want maximum security.

Apple added hardware security key support to iOS 16.2 and MacOS 13.2.

Screenshot by Stephen Shankland/CNET

You must select the correct hardware security keys for your devices. To communicate with relatively new models of both Macs and iPhones, a key that supports USB-C and NFC is a good option. Apple requires you to have two keys, but it’s not a bad idea to have more in case you lose them. A single key can be used to authenticate to many different devices and services, such as your Apple, Google, and Microsoft accounts.

Yubico, the best manufacturer of hardware security keys, on Tuesday announced two new FIDO-certified YubiKey models in its consumer-friendly security key line. They both support NFC, but the $29 model has a USB-C connector and the $25 model has an older USB-A connector.

Google, Microsoft, Apple and other allies are also working to support another FIDO authentication technology called access keys. Access keys are designed to replace passwords completely and they do not require hardware security keys.

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button
%d bloggers like this: