Alongside a dramatic expansion of end-to-end encryption for iCloud data, Apple has two other major security announcements today. The company says that it will add support for using Security Keys to further enhance your Apple ID and iCloud account security. There’s also a new feature for iMessage in particular, which the company is called iMessage Contact Key Verification.
Security Keys
First and foremost, Apple has announced that starting in 2023, users will be able to enhance their Apple ID and iCloud account protection using hardware Security Keys. This means you will have a physical hardware device that you can setup to serve as the second layer of two-factor authentication for your account.
Apple tells 9to5Mac that this Security Key system integrates with its device-to-device transfer process. So once authenticate your iPhone with the Security Key, you won’t have to do it again if you get a new iPhone so long as you use the device-to-device setup transfer process when setting up a new iPhone.
Additionally, the company says that trusted devices already signed in to your Apple ID won’t be signed out when you authenticate using the Security Key feature. Instead, the addition of a Security Key is meant to stop advanced attacks where the person may attempt to log-in to your Apple ID on an unknown, untrusted device. “This takes our two-factor authentication even further, preventing even an advanced attacker from obtaining a user’s second factor in a phishing scam,” Apple says.
Apple itself won’t be making a hardware Security Key. Instead, it will tap into third-party offerings. The company is working with the FIDO Alliance to ensure cross-platform compatibility with open standards.
iMessage Contact Key Verification
Second, Apple is announcing a new security safeguard for iMessage. Dubbed iMessage Contact Key Verification, this feature allows iMessage users to “further verify that they are messaging only with the people they intend.”
The feature works by alerting users with the safeguard enabled “if an exceptionally advanced adversary, such as a state-sponsored attacker, were ever to succeed breaching cloud servers and inserting their own device to eavesdrop on these encrypted communications.”
Both users communicating via iMessage must have the Contact Key Verification feature enabled. For yet another added layer of security, iMessage Contact Key Verification users can compare a Contact Verification Code in person, on FaceTime, or through another secure call. This verification code is accessible via the Messages app.
You can get a look at what this notification looks like in the top image of this article. When an unrecognized device is added to the other person’s account, you’ll see an in-line alert in your Messages thread saying that “an unrecognized device may have been added” to that person’s account.
9to5Mac’s Take
One thing Apple repeatedly stresses is that these features are really designed for users who face “concerted threats to their online accounts.” This includes people like celebrities, journalists, and members of the government. In particular, Apple says that the “vast majority of users will never be targeted by highly sophisticated cyberattacks.”
With that in mind, however, Apple acknowledges that these features are needed for users who might be specifically sought out. Apple tells 9to5Mac that it is not aware of any instances of iCloud servers being breached, but that it is constantly fighting off attacks.
For most people, the use of two-factor authentication is sufficient protection for Apple ID and iCloud accounts. Apple says that 95% of active iCloud accounts use two-factor authentication, making it the “most widely used two-factor account security system in the world.”
Security Keys for Apple ID will launch globally in early 2023, while iMessage Contact Key Verification will launch sometime in 2023.
FTC: We use income earning auto affiliate links. More.
Comments