By Dan Moren
January 23, 2023 11:54 AM PT
Apple ID security key support added in iOS 16.3, macOS 13.2
With today’s release of iOS 16.3 and macOS Ventura 13.2, Apple added yet another additional security feature, allowing users to secure their Apple IDs with hardware security keys.
If you’re not familiar with hardware security keys, they’re small devices that plug in to a hardware port—usually USB, though Lightning models exist—and provide a means of cryptographic authentication.
Apple says security key support is aimed mainly at those who want extra protection from targeted phishing or social engineering attacks. Adding a security key replaces the existing multifactor verification process, where you’re required to provide a six-digit code that appears on your other devices logged into the same Apple ID. So if you want to log in to a new device, manage your Apple ID on the web, or reset your Apple ID password, you’ll need to present your registered security key instead. (If you want to log in to a device that doesn’t have a way to directly connect to a security key—such as an Apple TV, HomePod, or Apple Watch—you’ll need to authenticate with the key on an iPhone or iPad.)
Notably, this feature does not seem to allow the use of a passkey, the security feature rolled out in iOS 16. Many online services that support security keys treat passkeys as essentially the same thing, but it’s possible that such a usage here could present a security vulnerability if a bad actor got access to a device.
Other restrictions include the inability to log in to iCloud for Windows, no support for older devices that can’t update to an OS that allows for security keys, no child accounts or Managed Apple IDs, and no support for other family members Apple Watches paired with a different phone.
I went through the process of adding security keys, which on the Mac can be accessed in System Settings > Apple ID > Password & Security. There’s a new Security Keys section where you can click Add, and the system will walk you through the process. It’s worth noting that Apple requires you have two security keys to set this up, so that you have a backup in case one gets lost. If both your keys are lost, Apple warns that you may be locked out of your account permanently. (In this way, it’s similar to the Advanced Data Protection features for iCloud that Apple added late last year, which put the encryption keys in the hands of users rather than Apple itself.)
Setting up the security keys proved to be straightforward enough, though a bit awkward if you need to connect them to a Mac where the USB ports are out of the way—I plugged mine in to my Studio Display’s ports, but I had to reach behind it to activate the key, which would get old pretty fast if I had to do it several times a day. (I think this is the first time I’ve really wanted a Mac to have an NFC chip built in.)
I’m curious to see how this impacts my day-to-day usage, but I think it will actually be pretty minimal. Now, here’s hoping I can just avoid losing my security keys—maybe it’s time to AirTag them.
[Dan Moren is the East Coast Bureau Chief of Six Colors. You can find him on Mastodon at @dmoren@zeppelin.flights or reach him by email at dan@sixcolors.com. His latest novel, the supernatural detective story All Souls Lost, is out now.]
If you appreciate articles like this one, support us by becoming a Six Colors subscriber. Subscribers get access to an exclusive podcast, members-only stories, and a special community.