Technologies

New iOS Login Tech Makes It Super Hard to Hack Your iCloud

Hardware security keys are the «gold standard» for locking down your online accounts. Along with passkeys, they can help wipe out feeble passwords.

Apple now lets you protect your Apple ID and iCloud account with hardware security keys, a physical login technology that offers maximum protection from hackers, snoops and identity thieves.

Hardware security keys are small physical devices that communicate with USB or Lightning ports or with NFC wireless data connections when you’re logging on to a device or in to an account. You must have keys in your possession to use them, so they’re effective at thwarting hackers trying to reach your account remotely. And because they won’t work on fake login sites, they can thwart phishing attacks that try to fool you into typing your password onto a counterfeit website.

Support for the keys arrived Monday with iOS 16.3 and MacOS 13.2, and on Tuesday, Apple published details on how to use security keys with iPhones, iPads and Macs. The company requires you to set up at least two keys.

The move follows hardware security key support from other tech companies, like Google, Microsoft, Twitter and Facebook parent Meta. The US Cybersecurity and Infrastructure Security Agency, or CISA, says security keys are the «gold standard» of multifactor authentication.

Apple has been working to tighten security in recent months, stung by iPhone breaches involving NSO Group’s Pegasus spyware. Apple’s Advanced Data Protection option arrived in December, giving a stronger encryption option to data stored and synced with iCloud. And in September, Apple added an iPhone Lockdown Mode that includes new guardrails on how your phone works to thwart outside attacks.

A big caveat, though: Although hardware security keys and the Advanced Data Protection program lock down your account better, they also mean Apple can’t help you recover access.

«This feature is designed for users who, often due to their public profile, face concerted threats to their online accounts, such as celebrities, journalists, and members of government,» Apple said in a statement. «This takes our two-factor authentication even further, preventing even an advanced attacker from obtaining a user’s second factor in a phishing scam.»

Industry tightens login security

The technology is part of an industrywide tightening of authentication procedures. Thousands of data breaches have shown the weaknesses of traditional passwords, and hackers now can thwart common two-factor authentication technologies like security codes sent by text message. Hardware security keys and another approach called passkeys offer peace of mind even when it comes to serious attacks like hackers gaining access to LastPass customers’ password manager files.

Hardware security keys have been around for years, but the Fast Identity Online (FIDO) Alliance has helped standardize the technology and integrate its use with websites and apps. One big advantage on the web is they’re linked to specific websites, for example Facebook or Twitter, so they thwart phishing attacks that try to get you to log in to fake websites. They’re the foundation for Google’s Advanced Protection Program, too, for those who want maximum security.

You need to pick the right hardware security keys for your devices. To communicate with relatively new models of both Macs and iPhones, a key that supports USB-C and NFC is a good option. Apple requires you to have two keys, but it isn’t a bad idea to have more in case you lose them. A single key can be used to authenticate to many different devices and services, like your Apple, Google and Microsoft accounts.

Yubico, the top maker of hardware security keys, announced on Tuesday two new FIDO-certified YubiKey models in its Security Key Series suited for consumers. They both support NFC, but the $29 model has a USB-C connector and the $25 model has an older style USB-A connector.

The number of Americans hit by data breaches in 2022 increased 42% compared with 2021, the Identity Theft Resource Center said in January. For some advice on online safety, check my colleague Bree Fowler’s tips for improving your online privacy.

Passcodes and security keys better than passwords

Google, Microsoft, Apple and other allies are also working to support a different FIDO authentication technology, called passkeys. Passkeys are designed to replace passwords altogether, and they don’t require hardware security keys.

Passkeys and security keys are complementary, FIDO Alliance Executive Director Andrew Shikiar said in a Wednesday speech at a conference about online identity matters. Either is a big improvement over passwords alone or passwords combined with login codes sent by text message or retrieved from an authenticator app, he said.

«We need to have a fundamental shift in how people authenticate from something that’s inherently knowledge-based — something you know, something that sits on a server, that’s in your head, that you enter and transmit over a network — to something that’s inherently more possession based,» Shikiar said of the alliance’s push to move away from passwords and login codes.

With the FIDO technology like passkeys or security keys, the authentication process takes place right where you are, for example with passkey biometrics or hardware security key possession, so it’s much harder for a remote attacker to compromise.

Technologies

Today’s NYT Connections: Sports Edition Hints and Answers for April 8, #562

Here are hints and the answers for the NYT Connections: Sports Edition puzzle for April 8 No. 562.

Looking for the most recent regular Connections answers? Click here for today’s Connections hints, as well as our daily answers and hints for The New York Times Mini Crossword, Wordle and Strands puzzles.

Today’s Connections: Sports Edition is a tough one. If you’re struggling with today’s puzzle but still want to solve it, read on for hints and the answers.

Connections: Sports Edition is published by The Athletic, the subscription-based sports journalism site owned by The Times. It doesn’t appear in the NYT Games app, but it does in The Athletic’s own app. Or you can play it for free online.

Read more: NYT Connections: Sports Edition Puzzle Comes Out of Beta

Hints for today’s Connections: Sports Edition groups

Here are four hints for the groupings in today’s Connections: Sports Edition puzzle, ranked from the easiest yellow group to the tough (and sometimes bizarre) purple group.

Yellow group hint: Working out.

Green group hint: Cover your face.

Blue group hint: NFL players.

Purple group hint: Leap.

Answers for today’s Connections: Sports Edition groups

Yellow group: Exercises in singular form.

Green group: Sporting jobs that require masks.

Blue group: Hall of Fame defensive ends.

Purple group: ____ jump.

Read more: Wordle Cheat Sheet: Here Are the Most Popular Letters Used in English Words

What are today’s Connections: Sports Edition answers?

The yellow words in today’s Connections

The theme is exercises in singular form. The four answers are crunch, plank, situp and squat.

The green words in today’s Connections

The theme is sporting jobs that require masks. The four answers are catcher, fencer, football player and goaltender.

The blue words in today’s Connections

The theme is Hall of Fame defensive ends. The four answers are Dent, Peppers, Strahan and Youngblood.

The purple words in today’s Connections

The theme is ____ jump. The four answers are broad, high, long and triple.

Technologies

The $135M Google Data Settlement Site Is Live — See If You’re Eligible

Use the settlement website to select your preferred payment method, and you may end up $100 richer.

You can now file a claim in the $135 million Google data settlement. The case centers on claims that Android devices transmitted user data without consent. Specifically, the class action lawsuit Taylor v. Google LLC contends that Google’s Android devices passively transferred cellular data to Google without user permission, even when the devices were idle. While not admitting fault, Google reached a preliminary settlement in January, agreeing to pay $135 million to about 100 million US Android phone users.

The official settlement website for the lawsuit is now live. The final approval hearing won’t occur until June 23, when the court will consider whether Google’s settlement is fair and listen to objections. After that, the court will decide whether to approve the $135 million settlement.

In the meantime, if you qualify and want to be paid as part of the settlement, you can select your preferred payment method on the official website. There, you can find information on speaking at the June 23 court hearing and on how to exclude yourself or write to the court to object by May 29.

As part of the settlement, Google will update its Google Play terms of service to clarify that certain data transfers do occur passively even when you’re not using your Android device, and that cellular data may be relied upon when not connected to Wi-Fi. This can’t always be disabled, but users will be asked to consent to it when setting up their device.

Google will also fully stop collecting data when its «allow background data usage» option is toggled off.

Who can be part of the settlement?

In order to join the Taylor v. Google LLC settlement, you must meet four qualifications:

Be a living, individual human being in the US.
Have used an Android mobile device with a cellular data plan.
Have used the aforementioned device at any time from Nov. 12, 2017, to the date when the settlement receives final approval.
You’re not a class member in the Csupo v. Google LLC lawsuit, which is similar but specifically for California residents.

The final approval hearing is on June 23, so you can add your payment method until then. The hearing’s date and time may change, and any updates will be posted on the settlement website.

If you choose to do nothing, you will still be issued a settlement payment, but you may not receive it if you don’t select a payment method.

How much will I get paid?

It’s not currently known exactly how much each settlement class member will receive, but the cap is $100. Payments will be distributed after final court approval and after any appeals are resolved.

After all administrative, tax and attorney costs are paid, the settlement administrator will attempt to pay each member an equal amount. If any funds remain after payments are sent, and it’s economically feasible, they will be redistributed to members who were previously and successfully paid. If it’s not economically feasible, the funds will go to an organization approved by the court.

Technologies

Samsung’s Galaxy Watch Ultra 2 Might Come in 5G and 4G Cellular Models

If the rumor proves true, the 5G Galaxy Watch Ultra would rival the 5G-enabled $799 Apple Watch Ultra 3 that debuted last fall.

Samsung’s next high-end Galaxy Watch could support faster 5G speeds, but if this leak is true, it will depend on where you live. The rumored Samsung Galaxy Watch Ultra 2 might come in 5G and 4G cellular models, with availability for each smartwatch depending on the country.

According to the Dutch website Galaxy Club (and spotted by SamMobile), Samsung’s servers may have revealed a series of model numbers that point to 5G, 4G and Wi-Fi-enabled editions of the next Galaxy Watch Ultra, which would succeed the original model that debuted in 2024.

A representative for Samsung did not immediately respond to a request for comment.

The Galaxy Club website speculates that the 5G edition would be sold in the US and Korean markets, while the 4G edition would sell in the rest of the world. In the US, a 5G version of the Galaxy Watch Ultra would rival the 5G-enabled $799 Apple Watch Ultra 3, which debuted last fall. The 4G edition would have broader compatibility worldwide, since the earlier network is far more established.

It will likely be a few months until we hear anything official about the Galaxy Watch Ultra 2. Samsung typically unveils its new watches in the summer alongside its Galaxy Z Fold and Z Flip foldable phones. Last year, Samsung unveiled the Galaxy Watch 8 and the Galaxy Watch 8 Classic, but otherwise left the prior 2024 Ultra in the lineup for those looking for a larger 47mm smartwatch.