Two of the world’s largest ‘tech’ organisations have now decided to merge their efforts to support hardware security keys & devices that create unique cryptographic keys.
A range of new security ‘choices’ has been released by Google in order to allow hardware security keys & devices to fully authenticate by generating unique cryptographic keys.
These latest updates now mean it should now be totally feasible to sign-in through ‘tapping a key’ to the back of an iPhone, using protocols from near-field communication.
Also, it means that security keys can be linked to a device where login is through USB, Lightning, or Bluetooth connections.
They can be used as a ‘2nd proof’ during a secure authentication process, after users have first successfully entered both their username & password.
Jake Moore, Cyber-security Specialist at ESET commented “Security keys are simply a fantastic way of authenticating a user & placing iron-clad security on accounts which may be susceptible to phishing & other forms of attacks.
“Security keys usually work remarkably well & quickly, but in the past some have not been so efficient, making users fall back to their previous ways & bypassing their functionality.”
iOS devices have supported security keys for a while, with users able to ‘pair’ security keys with their iPhones so as to secure accounts further by both a password & a cryptographic signature generated on the security key.
New security ‘options’
- USB-A & Bluetooth Titan Security Keys have NFC functionality built-in, allowing tap in via key to the back of an iPhone when prompted at sign-in.
- Lightning security key like the YubiKey 5Ci or any USB security key with an Apple Lightning to USB Camera Adapter.
- Use a USB-C security key connected directly to an iOS device that has a USB-C port (like an iPad Pro).
Apple products users can now use ‘Titan Security Keys’ to thwart phishing & threats via Google accounts.
Google & Apple
Moore observed “With Google & Apple working in unison, they will soon make users understand the seriousness & security potentials on offer. We know that most users favour convenience over security so anything that makes the user experience easier makes the online.”
Google has made their announcement as part of its ‘Advanced Protection Program’ by means of a blog post – to help protect people at risk of targeted malicious software attacks.
This post explained, “we’re rolling out a change that enables ‘native support’ for the W3C WebAuthn implementation for Google Accounts on Apple devices running iOS 13.3 & above.
“This capability, available for both personal & work Google Accounts, simplifies your security key experience on compatible iOS devices & allows you to use more types of security keys for your Google Account & the Advanced Protection Program.”
In January 2020, Google’s Advanced Protection Program team did confirm that both iPhones & Android devices can be used as security keys in order to access accounts.