Mobile

Apple @ Work: Explaining Security Keys for Apple IDs


Apple @ Work is brought to you by Mosyle, the only Apple Unified Platform. Mosyle is the only solution that fully integrates 5 different applications on a single Apple-only platform, allowing Businesses to easily and automatically deploy, manage & protect all their Apple devices. Over 38,000 organizations leverage Mosyle solutions to automate the deployment,  management, and security of millions of Apple devices daily. Request a FREE account today and discover how you can put your Apple fleet on auto-pilot at a price point that is hard to believe.

Apple debuted physical security key support with iOS 16.3 and macOS 13.2 and the feature works great with iPhone, iPad, Mac, and the web. This feature is designed for those who want another layer of protection against targeted attacks such as phishing or social engineering scams. Especially if you’re in a position that would be targeted for attack (celebrity, C-level business executive, etc) then Security Keys are a smart addition to your overall account security posture. Let’s dive into how they work.

About Apple @ Work: Bradley Chambers managed an enterprise IT network from 2009 to 2021. Through his experience deploying and managing firewalls, switches, a mobile device management system, enterprise grade Wi-Fi, 100s of Macs, and 100s of iPads, Bradley will highlight ways in which Apple IT managers deploy Apple devices, build networks to support them, train users, stories from the trenches of IT management, and ways Apple could improve its products for IT departments.


What are Security Keys for Apple IDs?

A security key is a small external hardware device that looks like a thumb drive or tag. It’s used for verification when signing in with your Apple ID using two-factor authentication. Instead of the conventional six-digit verification code to send an authorized, the security key acts as the second piece of information that’s needed to log in. This strengthens the two-factor authentication process and helps prevent your second authentication factor from being intercepted or requested by hackers.

Requirements for using Security Keys

To utilize Security Keys for Apple ID, you need at least two FIDO® Certified security keys that work with the Apple devices you use on a daily basis. Also, your devices must have iOS 16.3, iPadOS 16.3, or macOS Ventura 13.2 or newer. Importantly, two-factor authentication must be on the Apple ID already.

Limitations of Apple’s Security Keys implementation

While Security Keys offer enhanced protection for your Apple ID, there are certain limitations with them. You can’t sign in to iCloud for Windows, or with older devices that can’t be updated to a software version that supports them. So if your iPad is stuck on iPadOS 15, you’ll be unable to use your Apple ID on that security with a Security Key.

A big limitation is that Child accounts and Managed Apple IDs aren’t supported currently, but I am hoping Managed Apple IDs are coming in the future as they’ll be a key security piece for businesses. Especially as Apple continues to deploy new features for Managed Apple ID, this feature will be critical for security teams.

Adding security keys to your account

You can add up to six security keys to your account. However, you need a passcode or password set up on the device that you use to add security keys. During setup, you’re signed out of inactive devices, which are devices associated with your Apple ID that you haven’t used or unlocked in more than 90 days. To sign back into these devices, you’ll use a security key to authenticate. This is a helpful feature if you frequently test new devices.

If you’re using an iPhone or iPad, the process to add security keys is quite simple. You’ll start by opening the Settings app and tapping on your name. From there, go to Password & Security and select Add Security Keys. Follow the onscreen information to add your keys. During this process, you’ll have the opportunity to review the devices associated with your Apple ID. You can choose to stay signed in to all active devices or select specific devices that you no longer want to have access to your account and sign them out. If at any point you decide to stop using security keys, simply return to the Password & Security section under your name in the Settings app, tap on Security Keys, and then select Remove All Security Keys. If you remove all security keys, your Apple ID will revert to using the six-digit verification code for two-factor authentication.

For the Mac, the process is slightly different but still easy. From the Apple menu, choose System Settings and then click on your name. Click on Password & Security and then next to Security Keys, click Add. Follow the onscreen instructions to add your keys. Just like on iOS, you’ll have the chance to review the devices associated with your Apple ID. You can choose to stay signed in to all devices or select specific devices that you no longer want to have access to your account and sign them out. If you decide to stop using security keys, open System Settings, click your name, then click Password & Security. Click on Security Keys, then click Remove All Security Keys. Like with iOS and iPadOS, if you remove all security keys, your Apple ID will revert to using the six-digit verification code for two-factor authentication.

Wrap-up

While Security Keys aren’t for everyone, they are extremely useful for folks concerned about security. I think a clear limitation of them is support for Managed Apple IDs, and while they are gaining a number of new features this call, support for Security Keys isn’t one of them. I suspect it’ll appear in the coming years, though

Apple @ Work is brought to you by Mosyle, the only Apple Unified Platform. Mosyle is the only solution that fully integrates 5 different applications on a single Apple-only platform, allowing Businesses to easily and automatically deploy, manage & protect all their Apple devices. Over 38,000 organizations leverage Mosyle solutions to automate the deployment,  management, and security of millions of Apple devices daily. Request a FREE account today and discover how you can put your Apple fleet on auto-pilot at a price point that is hard to believe.


FTC: We use income earning auto affiliate links. More.