Affiliate Disclosure

If you buy through our links, we may get a commission. Read our ethics policy.

Apple's iPadOS 16.3 is out with support for security keys

iPadOS 16.3 is out now

Apple has released iPadOS 16.3 to the public with support for physical security keys that can add another layer of protection for Apple ID.

The iPadOS 16.3 update is is available to download by the public. It is a relatively minor release compared to iPadOS 16.2 with its most significant feature being support for security keys.

After a long beta cycle with relatively few beta versions, Apple finally revealed that the update would also bring support for the new HomePod. It also expands Advanced Data Protection to countries outside of the United States.

iPadOS 16.3 releases alongside iOS 16.3, macOS 13.2, and the other operating system updates. The releases are mostly focused on bug fixes and performance improvements.

How to install iPadOS 16.3 on the iPad

Open the Settings app.
Select General.
Select Software Update.
Select "Update to iPadOS 16.3."

If an iPad is set to automatically update, it will handle downloading and installing iPadOS 16.3 on the user's behalf.

Follow AppleInsider on Google News

6 Comments

SHK

said about 1 year ago

I'm not "getting" the benefit to Security Keys over two factor authentication, which is easy to use and effective.
I hope AI does a story like "who needs Security Keys" to help me understand it better.

beowulfschmidt

said about 1 year ago

SHK said:

I'm not "getting" the benefit to Security Keys over two factor authentication, which is easy to use and effective.
I hope AI does a story like "who needs Security Keys" to help me understand it better.

Depends on the nature of the 2FA. A text or an email are the worst possible options because of the inherent insecurity of those systems. An authenticator app is only as good as the entity who created the app.

A Yubikey is just a number, albeit a moderately long one. And it never changes.

dewme

said about 1 year ago

beowulfschmidt said:

SHK said:

I'm not "getting" the benefit to Security Keys over two factor authentication, which is easy to use and effective.
I hope AI does a story like "who needs Security Keys" to help me understand it better.

Depends on the nature of the 2FA. A text or an email are the worst possible options because of the inherent insecurity of those systems. An authenticator app is only as good as the entity who created the app.

A Yubikey is just a number, albeit a moderately long one. And it never changes.

I totally agree that a detailed article about all of the MFA options available to Apple device owners would be greatly appreciated. There are definately some benefits and pitfalls to every available option. For example, if you only use a hardware key and lose the key without having a backup or way to restore you authentication keys to a replacement device, you could be screwed.

dewme

said about 1 year ago

It would be interesting to see how the security capabilities outlined in the article linked below map to technology and capabilities that Apple is now making available.

https://www.yubico.com/blog/passkeys-and-the-future-of-modern-authentication/

Obviously the least secure capability is username-password and the most secure capability is associated with the use of hardware security keys like the YubiKey, which Apple now supports.

Where does Apple’s PassKey fit?

Where do password managers like 1Password fit? Where do hardware keys fit for different types of users?

For example, it sounds like Apple allows users to use a properly prepared hardware key to unlock their iCloud account should it get accidentally or intentionally locked. This alone may be reason enough for some users to invest in a couple of hardware keys.

Apple seems to have a lot of information in a lot of different places. Unfortunately I haven’t come across a single article that connects more of the dots like the Yubicon article does.

JSF

said about 1 year ago

SHK said:

I'm not "getting" the benefit to Security Keys over two factor authentication, which is easy to use and effective.
I hope AI does a story like "who needs Security Keys" to help me understand it better.

"Security Keys" are a generic name for FIDO2. FIDO2 is a strong, phishing resistant form of 2FA/MFA. The older styles of MFA, OTP for example, use a cyptographic secret that is the same on both sides. The same secret key is in the Authentication app (google authenticator, for example) AND the back end service. If that service is compromised and that secret is taken by hackers, they can then login as you. A hacker can also build a fake site that looks just like the site you are trying to login to and capture your OTP secret to quickly replay and login as you. That OTP secret is in no way tied to the website you are logging into. You might be redirected to www.G00GLE.com (instead of www.GOOGLE.com) so that the hacker can intercept your login info.

FIDO2 is a public/private key cryptographic MFA solution. That means that the Security Key generates the public and private keys ON The Security Key. The Public key is sent up to the website and the Private Key is ONLY stored on the security key and can NEVER be exported. This means that you cannot login without your security key as that private key is only stored on the security key. This is a MUCH stronger method of MFA. It can also be PIN protected so that you must enter your PIN to use the Key to login. IT also is phishing resistant. The web site URL data and AppID is baked into the cryptographic secret so that if you do go to www.G00GLE.com, the authentication will not work. Again much more secure than the other types of MFA.

You might have heard of PassKeys. That is a technology pushed by Apple, Google, and Microsoft that is based on FIDO2. It is essentially the software version of FIDO. The public and private keys are generated on your computer or phone. They are then stored in you iCloud keychain and synchronized across your Apple Devices. The credentials store in iCloud Keychain are protected by a biometric or a PIN. Passkeys are a good solution, but I prefer an actual Security Key so that my private keys are secured. Not that Apple's concept is bad, but if they were hacked the private key MIGHT be exposed to a hacker.

I hope that makes sense.

Read More on our Forums

Top Stories

article thumbnail

Amazon drops Apple's M3 MacBook Air to record low $989

article thumbnail

Retro gold rush: these emulators are coming to the App Store soon

article thumbnail

The Worst of WWDC - Apple's biggest missteps on the way to success

article thumbnail

Apple's generative AI may be the only one that was trained legally & ethically

article thumbnail

Arizona TSMC facility continues to fight cultural battles, rising costs & logistical hurdles

article thumbnail

New iPad Air & iPad Pro models are coming soon - what to expect

article thumbnail

Save up to $350 on every Apple M3 MacBook Pro, plus get up to $80 off AppleCare