Apple has been rolling out updates to its iOS software this past week and one of the more useful things users will find on their patched-up iPhones is the ability to use a physical security key like YubiKey when they log in with their Apple ID.
This means instead of using regular multi-factor login methods such SMS or over an app, you can connect to, say, your Apple iCloud account with a hardware token.
SMS, in particular, has been proven to be insufficient to thwart hackers that are determined and sophisticated enough to divert these messages sent over the mobile network to get into victims’ accounts.
A hardware token is harder to crack as the hacker needs to get hold of the physical device to complete the second part of the login process.
If this sounds like a return to those days with the banking token, this is isn’t – the technology is actually an upgrade.
The commonly used YubiKey devices by Yubico, which is based in Sweden and the United States, now are smart enough to be managed by users easily. In other words, no need to go to the bank (or Apple) to get a token.
Some versions also rely on the trusted Fido standard that lets users authenticate themselves with password-less biometics easily and securely.
All a user has to do is buy and add the keys (you need two, one for backup) to his iPhone and use them to unlock his Apple accounts whenever he has to.
Most YubiKeys use USB to connect to a PC or Mac but there are versions that support the wireless near-field communications (NFC) standard used on an iPhone. A basic key starts from US$25.
