No security system is flawless. The only thing that can be done, is making continuous improvements.
And this time, Apple has further tightened the security of its ecosystem, by adding support for physical security keys. Starting iOS 16.3 (and iPadOS 16.3 or macOS Ventura 13.2), users can use physical security keys to verify their Apple ID login in place of a passcode.
This should greatly improve the security of their accounts.
What the physical security keys do, is working in tandem with Apple's existing two-factor authentication (2FA) method.
Users who already have 2FA set up for their accounts, should be familiar with logging into their new Apple device using their email address and password and then having a six-digit code sent via SMS or to another device that they're already logged in on.
This is where the security key plays in role, in which it replaces that second step, the passcode.
2FA adds an extra step to the login process, in addition to a username and password
The idea of having a security key for a 2FA method is that, having a physical key is more secure than a password, which can be guessed, brute-forced, or viewed over the shoulder.
Furthermore, according to Apple in a dedicated support page, using security key provides "extra protection from targeted attacks, such as phishing or social engineering scams."
Apple said this because it knows that scammers have tricks under their sleeves, which include tricking users into revealing their passcode.
Scammers cannot ask for physical keys, and that users should also find it much difficult to hand over their physical keys to anyone else but themselves.
Once users have set up their physical security keys as an extra step, using it only involves users directly plugging in the key into the Lightning or USB port of the device.
Or, for users on iPhones, they can simply use the key using NFC.
To enable this feature, users must first acquire a physical security key
Then, they need to have 2FA switched on for your account, by navigating to their device's Settings. From there, users can then tap on their name at the top at the Settings page, and choose 'Password & Security'.
Choose Add Security Keys to be directed through the process of associating them with users' Apple ID. At the same time, users can review all the devices that are currently linked to their Apple ID.
Apple said that it only supports physical security keys that are certified to work with the FIDO (Fast ID Online) standard, and with the right connections for users' devices: NFC (iPhones) only, Lightning, USB-C, or USB-A.
Users must add at least two security keys to their account, and users can add up to six.
Apple requires users to register at least two so that users have a backup in case they lose one.
"As threats to user data become increasingly sophisticated and complex, these new features join a suite of other protections that make Apple products the most secure on the market," said Apple in a newsroom post.