One of the biggest changes introduced in this week’s OS updates from Apple is the across-the-board option to use physical security keys for iPhone, iPad, and the Mac. Info-sec guy Duane Waddle joins Ken to talk about what they are, their implementation, and possible futures for the tech.
One thought on “Examining Security Keys with Duane Waddle – TMO Daily Observations 2023-01-24”
Remember here that a single physical key of this sort is used for ONE account somewhere. Maybe an online account, maybe a login to your computer, conceivably one particular secure data server. If you have multiple accounts to protect, you’ll need multiple keys, same as your traditional metal house keys.
Physical security keys of this sort — mainly YubiKey — are examples of the FIDO Alliance version 1. FIDO version 2 is now up, and it’s called Passkeys, newly supported (along with the physical keys) in macOS Ventura and iOS 16. This is where your passwords are headed. The average person will have many different passkeys saved to their iPhone and iCloud, and perhaps one physical key for that one really important account the bad guys want most.