Security Keys
First and foremost, Apple has announced that starting in 2023, users will be able to enhance their Apple ID and iCloud account protection using hardware Security Keys. This means you will have a physical hardware device that you can setup to serve as the second layer of two-factor authentication for your account.
So once authenticate your iPhone with the Security Key, you won’t have to do it again if you get a new iPhone so long as you use the device-to-device setup transfer process when setting up a new iPhone.
Additionally, the company says that trusted devices already signed in to your Apple ID won’t be signed out when you authenticate using the Security Key feature. Instead, the addition of a Security Key is meant to stop advanced attacks where the person may attempt to log-in to your Apple ID on an unknown, untrusted device. “This takes our two-factor authentication even further, preventing even an advanced attacker from obtaining a user’s second factor in a phishing scam,” Apple says.
Apple itself won’t be making a hardware Security Key. Instead, it will tap into third-party offerings. The company is working with the FIDO Alliance to ensure cross-platform compatibility with open standards.
iMessage Contact Key Verification
Second, Apple is announcing a new security safeguard for iMessage. Dubbed iMessage Contact Key Verification, this feature allows iMessage users to “further verify that they are messaging only with the people they intend.”
The feature works by alerting users with the safeguard enabled “if an exceptionally advanced adversary, such as a state-sponsored attacker, were ever to succeed breaching cloud servers and inserting their own device to eavesdrop on these encrypted communications.”
Both users communicating via iMessage must have the Contact Key Verification feature enabled. For yet another added layer of security, iMessage Contact Key Verification users can compare a Contact Verification Code in person, on FaceTime, or through another secure call. This verification code is accessible via the Messages app.
You can get a look at what this notification looks like in the top image of this article. When an unrecognized device is added to the other person’s account, you’ll see an in-line alert in your Messages thread saying that “an unrecognized device may have been added” to that person’s account.
