Apple launching new iMessage Contact Key Verification and Security Keys for Apple ID
Apple has announced that in addition to its new Advanced Data Protection end-to-end encryption expansion for almost all iCloud data categories, new iMessage Contact Key Verification and Security Keys for Apple ID will be available beginning later this year, allowing users to verify they are communicating only with whom they intend via iMessage, and giving the option to require a physical security key to sign in to their Apple ID account.
With iMessage Contact Key Verification, “users who face extraordinary digital threats” — such as journalists, human rights activists, and members of government — can choose to further verify that they are messaging only with the people they intend.
Conversations between users who have enabled iMessage Contact Key Verification will receive automatic alerts if an exceptionally advanced adversary, such as a state-sponsored attacker, were ever to succeed breaching cloud servers and inserting their own device to eavesdrop on these encrypted communications. And for even higher security, iMessage Contact Key Verification users can compare a Contact Verification Code in person, on FaceTime, or through another secure call.
With Security Keys, users will have the choice to make use of third-party hardware security keys to enhance their Apple ID protection. This feature is designed for users who, often due to their public profile, face concerted threats to their online accounts, such as celebrities, journalists, and members of government.
— theapplepost.com (@theapplepost) December 7, 2022
For users who opt in, Security Keys strengthens Apple’s two-factor authentication by requiring a hardware security key as one of the two factors. This takes Apple’s two-factor authentication further, preventing even an advanced attacker from obtaining a user’s second factor in a phishing scam.
Both iMessage Contact Key Verification and Security Keys for Apple ID will be available globally in early 2023.