No it's not, your username is the identity you're attempting to authenticate.
Think of authentication like proving who you are to someone. Simply saying your are 'Your Name' does not prove anything.
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Apple Explains iOS 16.3's New Security Keys Feature
- Thread starter MacRumors
- Start date
- Sort by reaction score
Think of authentication like proving who you are to someone. Simply saying your are 'Your Name' does not prove anything.
But my mom told me I was a very special snowflake 😂 the groups blasting out the majority of phishing attacks and other malware that are successful, this doesn't address any of that. People will jump on this then use debit cards in retail swipe or tap scanners not turn off settings on their devices that make them vulnerable.
Those new keys are nicely priced. I wonder when they will come out.
If you don’t think you’d be able to manage security keys, you absolutely 100% shouldn’t use them.
These people are acting like they are forced to use these keys.
That’s not how second factor is typically described.
Your username and password is the first factor.
The second factor is
* something you know (security questions, another password or PIN)
* something you have (like these security keys)
* something you are (biometric)
people that shouldn't get suggested to do so all the time and then end up with a brick.
I find it very interesting that we are now back to "keys" of some sort for more secured security. Yet another physical object to track and lose -- LOL. Sigh.
Is it just me or does it feel like we're kinda going full circle? While these aren't the kinds of keys with notches (like for doors) these are hardware items. In terms of usage from the end-user experience, it doesn't feel that different than slotting in a regular key into a door lock.
Is it just me or does it feel like we're kinda going full circle? While these aren't the kinds of keys with notches (like for doors) these are hardware items. In terms of usage from the end-user experience, it doesn't feel that different than slotting in a regular key into a door lock.
people are making mistakes by carrying them on their Keys chains and they are breaking. of course, they break if they are in your pockets, etc. common sense is needed. They are not indestructible for those that use them with no care.
Is it possible to use the keys to unlock the iPhone and Mac or iPad on cold start.
Good to see security key support. Good support article by Apple also.
Good point.
When you get used to using security keys, though, theres’s hardly any friction at all.
And worth noting that most security key-based 2FA implementations also include recovery codes.
Passkeys offer something conceptually similar to security keys, too, essentially using something you own to authenticate.
But sure. There’s always the potential to lose something. You just have to be a little more deliberate with keys.
Not sure what this means. They aren’t used for securing access to your phone. And they do nothing for securing confidential information that may be stored on your phone, at least not with 1st party apps. Some 3rd party apps DO support hardware tokens.
With this latest update, Apple now lets you secure your Apple ID account with a hardware token. This isn’t a second factor for your device passcode.
I didn’t know most security keys come with recovery codes. Do you know if these codes can be used on the iPhone, iPad, or Mac in lieu of a missing key?
Long time Yubi Keys user, finally Apple. Better late than never.
Although all the iOS devices I have are on 16.3, I am kinda hesitating to upgrade my work station to Ventura so I can replace 2FA with Yubis and elevate the E2E encryption on wider range of services.
Although all the iOS devices I have are on 16.3, I am kinda hesitating to upgrade my work station to Ventura so I can replace 2FA with Yubis and elevate the E2E encryption on wider range of services.
The codes are generated by individual services when you enable 2FA and add a security key to the account.
Some sites give you a series of one-time use codes. Others give you only one. Typically you’d save this meta information in a password manager, maybe one distinct from your primary password manager or even simply printed and stored offline.
You can then use these codes on ANY device should you lose a key. This has the effect of disabling 2FA typically.
But the preferred method is to add multiple keys. If one dies, breaks, or is lost, you buy a replacement. Then you grab your backup key, login and then add your NEW replacement key. You do this for every account. A password manager with a good system of tracking meta information makes this all much simpler.
Personal responsibility is not a fad or to be used as a cop-out.
You could have saved money if you had bought the blue keys instead of the black ones.
2 times cheaper and are compatible with Fido and Fido2 too.
I bought for my iCloud account and work perfectly.
Work with google, facebook and twitter too.
Requiring two keys is a smart move in my opinion. If they didn't do that, the amount of requests for support from people who misplaced their one and only key would go through the roof.
When dealing with billions of users, 98% of whom aren't tech-savy, you must enforce good security practices one way or the other. If you merely recommend using two keys, rather than enforce it, then most of the users will ignore that because they'll think they know better and s.hit only ever happens to other people.
When dealing with billions of users, 98% of whom aren't tech-savy, you must enforce good security practices one way or the other. If you merely recommend using two keys, rather than enforce it, then most of the users will ignore that because they'll think they know better and s.hit only ever happens to other people.
I like that price much better than the standard price of $89. If iPhone gets USB-C this year, I will get 6 of those $29 keys.
They are very durable ; enough so that they market them to be able to be put on a keychain, which I did in the past with no problems.
I'd wager it's pretty indestructible as long as you don't do something really stupid, like folding it in half, or throwing it into a fire.