As someone who loves tech and likes to learn as much as I can, I just can't help but think this security stuff is just way overblown for MOST home users. Maybe it's my days of supporting old Windows (while being a Mac user since the 80s) I just don't keep important stuff on my main drive or not on removable drive (or now in say Apple's Cloud)

Maybe I am too old, but I am just tired of having to jump through so many hoops just to log into a website on a new platform (or reimaged system). Had to visit HR to have them reset my account because I changed my phone number and there is no other way for 2 factor on their websites - just to see schedule or view paycheck stubs.

There is a reason I still love my iPhone with a fingerprint reader! Now if Safari / OS could just actually keep my passwords correctly (had been great but lately many sites just claim my password is wrong despite no changes)
Maybe it's not for "most home users"

'Apple says the optional security feature is designed for individuals who want "extra protection from targeted attacks, such as phishing or social engineering scams."'
 
“For example, you could hide a key somewhere at home as a backup solution.”

No; please don’t do this. You’ll just forget where you put it.

“ … and one key at work.”

*PLEASE* don’t do this! Whoever owns the company can trivially steal your account if you do so. Even if you’re the person who owns the company, whoever cleans your office could steal your account.

You should have a secure place at home to keep important documents. At the very least, a drawer of a filing cabinet, but a small fireproof safe is preferable. You can decide the level of security you need, all the way up to a personal bank vault — but don’t rely on obscurity to keep it secure. Keep the backup there.

And it’s a good idea to have a safe deposit box at a bank. Keep the other backup there.

If you really need more than those two backups, then add more safe deposit boxes at different banks, or a locked fireproof safe at a trusted family member’s home, or some other variation on the theme. But you almost certainly don’t need nor want that many backups.

Incidentally, these are also where you should be keeping portable hard drives with backups of whatever data you most care about.

b&
Pretty sure you need the password to sign in, and it probably won't let you reset an iCloud password with just a key (they let you reset iCloud passwords with trusted devices and trusted phone numbers, doesn't say in the Apple Support article "if you forget your password" if they would let you reset with just a key, so assumingly it's not allowed).

So don't forget your password! (or don't lose your devices). And don't write your password on a sticky note and put it on your key, that would be the worst case scenario.
I really wanted a key but I can't think of the best way to do it. Either way I need an adapter.

I was going to buy 2x USB-A keys but since iPad doesn't have NFC I'd need to use an adapter any time I wanted to sign into something on iPad. I got USB-A because my PC is mostly those ports. There is a USB-C port but it's awkward to reach (I have a mid tower PC) and I struggle enough plugging in an Ethernet cable or a USB-A port. I mostly use my front panel ports.

Best thing I can think of is buying 2x USB-C keys and a USB-A to C adapter and leave it plugged into my PC front panel at all times. But that's more expensive. It was already a tough pill to swallow spending £96 on 2x USB-A keys (cancelled that order) and I don't want to spend £139 for 2x USB-C keys and an adapter.

I'll just stick to using codes in Bitwarden.

There are adapters that convert in the reverse on USB-C to USB-A, USB-C female to USB-A male, so you could put that adapter on the front of your case and plug the USB-C key into that. You still use an adapter but you keep it with the PC and you don't have to use an adapter on the iPad or iPhone. Complication: It technically is not USB spec compliant but it usually works with USB data devices, it's if you do something stupid like try to wire two USB-A devices together that it can screw things up.
 
Urgh, so iPad doesn't have NFC? And I got 2 USB-A keys. There is no point buying a USB-C key just for iPad because I need USB-A for my PC.

I don't know how this is going to work.

Edit: looks like I'll need to use an adapter for my iPad :rolleyes:

Honestly? If you are going to embrace the use of security keys, two is not enough. One will be your daily driver, one to store away somewhere.

To me, three is the minimum. Four is the sweet spot.

I’ve said it elsewhere but I’ve had multiple 5cis fail and die. I wouldn’t trust them farther than I could throw them. And with my bad back, I shouldn’t be throwing anything.
 
There are adapters that convert in the reverse on USB-C to USB-A, USB-C female to USB-A male, so you could put that adapter on the front of your case and plug the USB-C key into that. You still use an adapter but you keep it with the PC and you don't have to use an adapter on the iPad or iPhone. Complication: It technically is not USB spec compliant but it usually works with USB data devices, it's if you do something stupid like try to wire two USB-A devices together that it can screw things up.
I do this so I don’t have to crawl underneath my desk to plug in a key.
 
Two-factor authentication is enough of a major PITA. I don't work for the NSA, so major pass.

Anyone else want a phone dongle?

Wonder how long it will be before a future iOS update turns it on by default.

Here's a scenario: some of the people using these things will be dealing with nuclear emergencies and will lose their dongle and backup dongle or have them appropriated for espionage. Doesn't anyone at Apple ever think of worst-case scenarios?

I know. Corporate culture.

2FA is a total pain? So is having your bank account drained.

I don’t use sites or services that can’t be bothered to implement 2FA, at a bare minimum via SMS which I despise as it isn’t always VOIP or travel-friendly. I’ve even moved financial institutions as they refused for years to add 2FA.

Security keys FTW. Different strokes I guess.
 
Decided to just cancel my order for the Yubico keys. Seems like way too much hassle. I am trying to read up on it but I'm confused and I can't be annoyed having to find an adapter any time I want to sign into something on my iPad.

Why do iPads not have NFC, Apple???

If you get the USB-C NFC version you are covered on iPhone, iPad as well as Macs unless you still have an iPad with Lightning over USB-C.
 
More ways to lock yourself out of a perfectly good phone so you can't use it or resell it.
 
I have two of these keys. I have barely used them as they are cumbersome. If you're not a target, it's not needed. It doesn't make your life any easier. Multi-factor authentication as it is now, is sufficient for most home users.
 
Knowing how poorly Apple does services I don't expect to be able to trust this for a couple of years.

When I say trust, I mean be able to maintain the verification service without locking me out permanently. Or allowing me to change keys, or delete keys, etc.
What makes you think the six-digit security code is any more reliable? When one of my daughters tries to install an app, I often don't receive the 'ask to buy' notification at all, or at best I receive it only on one device. Those push notifications from Apple can be quite unreliable at times. I can easily imagine something similar happening with the security code.
 
Does Apple sell security keys? Or do I need to get something from Yubico

Yubico is a popular choice but if you shop around, you can also find other providers. I believe some of them are open source, if that's your thing; at least that was the case a year ago.
 
Looks like Yubico raised prices since yesterday, or at least on the 5C NFC FIPS

 
More ways to lock yourself out of a perfectly good phone so you can't use it or resell it.
Yes, but with so many logins and such dependent on phone info it might be important for some folks. Me, I’ll wait a bit and see how it works out.
 
Oh, you’re so sweet.

Since this is on company property, “they” would just log into your work account where you certainly have your personal email set up (because you trust them with your security key), and do a password reset with your security key. Or, if necessary, they’ll put a hidden camera behind your desk and record your personal passphrase as you type it.

And you would almost certainly have no legal recourse. It’s their computer to do with as they wish, and they’ll have “reasonable” suspicions that you’re engaging in corporate espionage or the like. You have no expectation of privacy at work, especially from your boss.

Again: no; please don’t do this.

b&
Your advice is not bad, but here in Germany, that company and that boss would be f’ed up hard by the court, and probably in other EU countries, too.
 
To those saying that the cleaner will steal your key from work and log in to your account: this won’t happen because:

  • The key is a second factor, they still need the first factor which is your password
  • They cannot reset your password without your recovery key
 
You already need 2FA enabled on your Apple account for things like AirTags, iCloud Keychain, Find My iPhone, Apple Card/Cash, and Sign in with Apple.

I don't think they'll force people to use physical keys but they'll keep pushing 2FA. As it is I don't mind having 2FA enabled as it makes my account secure.
Seems they broke something with getting into iCloud from an Android. Card still works with the "I can't get the code, text me" blah blah, but it isn't working right on iCloud. On there, when I tap "I can't get the code", it doesn't prompt to text anymore. It verifies the number then goes to help article choices. Nowhere to request a text.
 
What’s the difference between this and the normal 5C NFC ones for $55?
The FIPS ones are rated for high security use cases for governments and regulated industries. Not necessary for consumers.

 