Apple yesterday released iOS 13.3 beta to developers and public beta testers. But it comes with a new nifty feature that allows Safari users to use hardware security keys for two-factor authentication.

According to the release notes:

[Safari] now supports NFC, USB, and Lightning FIDO2-compliant security keys in Safari, SFSafariViewController, and ASWebAuthenticationSession using the WebAuthn standard, on devices with the necessary hardware capabilities.

Security keys improve account security because they are designed with an intent to cryptographically verify an individual’s identity when signing in to an online service, thereby defending users against account takeover attacks.

It’s worth noting that Sweden-based Yubico unveiled YubiKey 5Ci for the iPhone and iPad earlier this year. The Lightning-enabled key allows users to authenticate themselves to password managers like 1Password, Bitwarden, Dashlane, and LastPass.

But its use was limited as it did not support Safari and other web browsers on the platform, with the sole exception of Brave.

[youtube https://www.youtube.com/watch?v=GL97M-h77a0?feature=oembed&w=500&h=281]

The app became the first web browser to support secure phishing-resistant authentication via YubiKey 5Ci, letting users login to a bunch of services like Dropbox, Keeper Security, and SecMaker.

With WebKit browser rendering engine underpinning Safari and all third-party browsers available on the platform, this change should hopefully make FIDO2-compliant USB security keys a lot more useful.

As the need for securing identity gains momentum in the wake of data breaches, security key-based authentication solutions can go a long way towards safeguarding accounts from unauthorized access and credential stuffing attacks.

There’s no word yet on when will iOS 13.3 (and iPadOS 13.3) will become available, but you can hopefully expect it sometime next month.

https://thenextweb.com/security/2019/11/13/safari-gets-support-for-hardware-security-keys-with-ios-13-3/

Leave a Reply