Apple today released iOS 16.3 with long-awaited support for hardware security keys to provide additional protection against phishing attacks and unauthorized access to your devices.
Hardware security keys are small physical devices that look like thumb drives and support USB-C (using an adapter) or Near Field Communication (NFC) to connect to a Mac or laptop. iPhone.
These devices can be used as an additional verification step when using two-factor authentication for Apple IDs rather than the usual six-digit verification code displayed on devices.
Because security keys are meant to be stored in a keychain or wallet and must be in the presence of a device to authenticate a login, they provide better protection against malicious actors trying to log into your account at distance.
For example, threat actors commonly create phishing attacks that steal Apple ID credentials and unique passcodes sent through 2FA verifications.
However, once an Apple ID is configured with a security key, even though an advanced phishing attack can steal your credentials, the remote actor cannot log in because they do not have access to your hardware security key.
Set up a passkey on your iPhone
To use a security key with iOS, Apple requires that you have two keys – one on your person and another stored at home or in the office as a spare if you lose one.
To set up passkey authentication on an iPhone, go to Settings > Click on your name > Password and Security > then select Add a security key.
You’ll then be prompted to make sure you have both security keys ready and add the first one by holding down the gold NFC section of your security at the top of your phone.
Once the security key is selected, you will be prompted to bind the second security key.
Once the two are linked, you will be prompted to see the list of devices your Apple ID is currently signed in with and if you want to sign them out.
When the setup process is complete, any time you need to access your Apple ID, whether to install apps, make a purchase, or sign in on another device, you’ll need to tap your security key at the top of your phone to perform two-factor authentication.
BleepingComputer has confirmed that the feature works with YubiKey 5 NFC, YubiKey 5C NFC, and Google Titan.
Apple says YubiKey 5Ci and FEITAN ePass K9 NFC Security Keys are also known to be compatible.
If you no longer want to use a security key, return to the Security Keys setting and click Delete all security keys. Once your security keys are deleted, you will automatically revert to six-digit verification codes.
You can see Apple’s support article on this feature for more information on using security keys with Apple iOS.