Security Keys for iOS devices
Securities key for iOS is introduced by Apple with iOS 16.3. These are physical keys (Third party — ex -Yubikey) which replace the authentication code of two-factor-authentication of Apple ID. This enable user to add additional layer of security to their devices and apps.
These keys are designed to replace the verification codes that are sent to Apple devices for authentication when logging into another device.
Provides much stronger protection towards phishing and unauthorised account access.
These Security keys can be used in resetting your appleId or pwd, unlocking your Apple ID, signing into using Apple ID and pwd on new device or web.
Who should be using the Security Keys
Anyone who thinks their device is on high risk if it is stolen or lost or even lands on wrong hands should buy these. Additionally if anyone needs high protection for their phone may install this key.
Hackers can go so far as to have your username and password, but without the right security key, they still won’t be able to access your data.
How Much the Key cost
The cost of these keys are about £25–80. There are quite a range of FIDO® certified keys available in market and one can choose the key based on their requirements and device type.
Which security key is right for you
Security key you choose should be compatible to your device. If you’ve USB C on your device- it should match the same.
Security Keys for Apple ID works with any FIDO Certified security key. For examples YubiKey 5C NFC, YubiKey 5Ci and FEITIAN ePass K9 NFC USB-A.
If you choose a different security key, you should choose security keys that are FIDO® Certified, and have a connector that works with the Apple devices that you use on a regular basis.
Reference : https://support.apple.com/en-us/HT213154
How to configure Security Key to your account
Following are the steps to configure your security key on iPhone:
- To start launch Settings app from your device and tap on your profile tile and select ‘Password & Security’ and tap Add Security Keys
- In the ‘Security Keys’ page, select Add Security Keys again
- Select Continue in the “You Need Two Security Keys” view
- Select Sign Out of Devices and input your Passcode
- In the “Add the First Security Key” view, provide security key PIN and then hold the NFC-enabled security key near the top left side of the iPhone or insert into Lightning connector if you have the YubiKey 5Ci
- Name the security key and tap Next
- Follow the on-screen instructions to repeat steps 6–8 for the second security key and give it a different name
- In the “Review Your Active Devices” view tap Stay Signed In to All
- Select ‘Done’ to finish
Now sign-in on your device with apple id — you will get a prompt — to sign in with security keys, now tap the security key on back of your device to sign-in. Sometimes you may get a prompt to open browser but just ignore that and tap to retry.
NB: We can add multiple security keys to one account
How to disable hardware security keys in iOS 16.3
Disabling security keys can be done via iOS, iPadOS, or macOS devices. Here’s how to disable security keys on iOS or iPadOS:
- Go to Settings → <Your Name> → Password & Security → Security Keys
- Tap on the name of the key and tap Remove Key. You can only remove an individual key if you have three or more keys enabled.
- Enter your iPhone Passcode to unlock and remove the individual key.
- To remove all keys, tap the Remove All Keys button and then tap Remove to confirm.
- Enter your iPhone Passcode to remove all security keys.
Removing all keys will disable hardware security keys, and revert back to using six-digit verification codes for two-factor authentication.
Limitation and Risk
The biggest risk I see is if the user forgets their password for the security key, they may get locked unless the user has at least one more trusted device with a known password.