Apple yesterday released iOS 13.3 beta to developers and public beta testers. But it comes with a new nifty feature that allows Safari users to use hardware security keys for two-factor authentication.
According to the release notes:
[Safari] now supports NFC, USB, and Lightning FIDO2-compliant security keys in Safari, SFSafariViewController, and ASWebAuthenticationSession using the WebAuthn standard, on devices with the necessary hardware capabilities.
Security keys improve account security because they are designed with an intent to cryptographically verify an individual’s identity when signing in to an online service, thereby defending users against account takeover attacks.
WebAuthn (aka Web Authentication) is a key standard as part of the World Wide Web specification developed by the FIDO alliance in an attempt to streamline the implementation specifics of authenticating users to web-based apps and services under the FIDO2 Project.
Popular browsers like Google Chrome (version 67+), Mozilla Firefox (version 60+), Microsoft Edge (version 18+), and Opera (version 54+) have all added support for WebAuthn over the past one year, with Safari for Mac gaining support for the API with macOS Catalina this September.
It’s worth noting that Sweden-based Yubico unveiled YubiKey 5Ci for the iPhone and iPad earlier this year. The Lightning-enabled key allows users to authenticate themselves to password managers, including 1Password, Bitwarden, Dashlane, and LastPass.
But its use was limited as it did not support Safari and other web browsers on the platform, with the sole exception of Brave.
Back in August, Brave became the first browser app to support secure phishing-resistant authentication via YubiKey 5Ci, letting users login to a bunch of services like Dropbox, Keeper Security, and SecMaker.
But outside of password managers and major players like Google, Microsoft, Amazon, Facebook, and Twitter, support for WebAuthn has been confined to select apps such as Dropbox, Files.com, Bitfinex, Coinbase, Bitbucket, Stripe, Nextcloud, and WordPress.
With WebKit browser rendering engine underpinning Safari and all third-party browsers available on the platform, this change should hopefully make FIDO2-compliant security keys a lot more useful.
As the need for securing identity gains momentum in the wake of data breaches, security key-based authentication solutions can go a long way towards safeguarding accounts from unauthorized access and credential stuffing attacks.
There’s no word yet on when will iOS 13.3 (and iPadOS 13.3) will become available, but you can hopefully expect it sometime next month.