As part of iOS 16.3, Apple announced the general availability of security key support for Apple ID accounts.
With more than 95% of active iCloud accounts currently using two-factor authentication, the availability of security key support has the potential to make a tremendous impact on modernising everyone’s approach to cybersecurity.
Apple has allowed users to take their security into their hands by enabling security keys, stating that physical security keys take their two-factor authentication even further to prevent even an advanced attacker from obtaining a user’s second factor in a phishing scam.
“With 90% of breaches being tied to stolen credentials from phishing attacks, it’s exciting to see Apple users have the option to take their account security into their own hands. With the new iOS 16.3 update, users now have the option to uplevel their account security by adopting physical security keys like the YubiKey, which are the most secure form of multi-factor authentication (MFA),” said Derek Hanson, VP of Standards and Alliances, Yubico.
“Legacy MFA like SMS based authentication and one-time passcodes (OTPs) have proven to no longer be sufficient enough for account protection. What has proven to protect users against today’s phishing attacks are YubiKeys because they put the user in control and only those with access to the physical key can access the account.”
As mentioned in December, it has been made very clear that not all multi-factor authentication (MFA) is created equal. Vulnerabilities with legacy forms of MFA, such as SMS, TOTPs, and mobile-based apps, continue to be the target and victims of data breaches, with attackers taking aim in record numbers in 2022.