Starting iOS 13.3, Apple's Safari Adds Support For Hardware Security Keys

iOS 13 - Safari

The web is a public space. With this fact, most of the time, the only way to block someone from trespassing is by using a login form.

With login forms, websites and web services are putting a locked door, which opens only when an authorized person signs in with the correct username/email and password combination. But in the modern days of the internet, that door alone isn't enough.

This is why two-factor authentication was created.

Using this method, websites can grant access only when users successfully present two pieces of evidence to their authentication mechanism. This second method of authentication can come from an SMS message, code from an authenticator, or others that also include a physical hardware security key.

And Apple's Safari web browser here, is starting to support hardware security keys starting iOS 13.3.

At the release of iOS 13.3 beta to developers and public beta testers, Apple introduced new nifty features that include allowing Safari users to use their hardware security key as a method for two-factor authentication.

These security keys improve account security because they are designed with an intent to cryptographically verify an individual’s identity when signing in to an online service. This in turn should defend users against account takeover attacks from hackers.

According to Apple's iOS 13.3 beta release notes:

"[Safari] now supports NFC, USB, and Lightning FIDO2-compliant security keys in Safari, SFSafariViewController, and ASWebAuthenticationSession using the WebAuthn standard, on devices with the necessary hardware capabilities."

Related: The Internet Is Killing Password By Making 'WebAuthn" An Official Web Standard

Previously, a Swedish tech firm Yubico unveiled YubiKey 5Ci for the iPhone and iPad. The Lightning-enabled key allows users to authenticate themselves to popular password managers like 1Password, Bitwarden, Dashlane, and LastPass.

However, its use was extremely limited, as it didn't support Safari or other popular web browsers working in Apple's ecosystem, with the exception of Brave.

But with iOS 13.3, Apple updates its WebKit, the rendering engine that underpins Safari and all third-party browsers on the platform. As a result, the change can make FIDO2-compliant USB security keys a lot more useful.

With Safari support, hardware security keys can become the useful tool that can more convenient than software-based two-factor authentication, because there's no need for users to enter a security code.

Users simply need to plug their security key to an their device to authenticate.

The move by Apple is predicted and certain, most notably because securing users accounts have been more crucial than ever, following the momentum of data breaches that happened throughout the web,

With hardware security key support, Apple can make sure that users of its Safari web browser can better safeguard their accounts from unauthorized access, phishing attacks or brute force hacks.

Related: FIDO Alliance And W3C Bring 'WebAuthn' For Password-Free Authentication