On Tuesday, as expected, Apple released iOS 13.3, iPadOS 13.3, tvOS 13.3, and watchOS 6.1.1 to the public, bringing bug fixes and performance improvements, as well as one big new security improvement: support in its Safari browser for two-factor authentication (2FA) hardware tokens such as Yubico’s Yubikey.
We’ve talked about these tokens before, and we like them.
As we’ve noted – most particularly when crooks have managed to steal people’s 2FA codes – hardware tokens based on the FIDO U2F or WebAuthn specifications, such as Yubico’s Yubikey or Google’s own Titan, are resistant to phishing and can’t be intercepted with a SIM-swap attack.
In its Tuesday updates, Apple added support for FIDO2-compliant security keys that make use of near-field communications (NFC), USB, and Lightning.
With the update, you can now authenticate by using the YubiKey 5 NFC or Security Key NFC: you just tap the YubiKey at the top of an iPhone (available on the iPhone 7 and above). You can also do physical authentication with the YubiKey 5Ci: you just plug it into the Lightning or USB-C port of an iPhone or iPad. ZDNet published a nice little gallery showing these keyfobby gadgets and where you insert them into your iThings.
Apple had detailed official support for the security keys in the iOS 13.3 beta 2 release notes:
Safari
New Features
Now supports NFC, USB, and Lightning FIDO2-compliant security keys in Safari, SFSafariViewController, and ASWebAuthenticationSession using the WebAuthn standard, on devices with the necessary hardware capabilities.
Turn that thing OFF and go do XYZ
In other privacy/safety news, the updates include something that should make parents happy: Communication Limits in Screen Time.
This gives parents more control over who they – or their kids – can call, FaceTime, or Message. It lets you set specific limitations on when and with whom you can communicate. During downtime, you can limit your list to certain people. Also, a contact list for children lets parents manage the contacts that appear on their children’s devices.
After a certain time of day – say, when the kids are supposed to be doing their homework, or sleeping, parents can use the feature to block their communication with everyone except mom and dad. Screen Time Communication Limits apply to the Phone app, Messages app, and FaceTime.
Incognito Mode in Google Maps
Here’s another piece of privacy news for iOS-ers: Google is rolling out Incognito Mode in Google Maps for Apple iOS users.
On Monday, Marlo McGriff, Google Maps Product Manager, said that Incognito mode will work on iOS the same as on Android:
The places you search for or navigate to won’t be saved to your Google Account and you won’t see personalized features within Maps, like restaurant recommendations based on dining spots you’ve been to previously.
Google, the data gobbler that’s been accused of secretly tracking users’ locations and which has faced allegations of its “deceitful” tracking being against EU law, announced the new Incognito Mode for Maps in October.
Incognito mode in Maps will keep your device from recording your Maps activity on that device.
If you share a device with, say, your partner, they won’t know that you’ve searched Maps for jewellery stores to buy an engagement ring, nor if your route then included a stop at the Golden Banana club before you headed home.