Hi everyone, i just got a new iPhone and i added it to identity.ic0.app
It has automatically be named « iCloud Passkey » and not iPhone. I just want to be sure there is no modification about system features. Only my device is linked to my nns account and not my iCloud account ?
On Apple devices, new passkeys are synchronized using iCloud synchronization. You can read about it here. Unfortunately, Apple has removed support for passkeys that are not synchronized.
However, this now means that you should be able to seamlessly login into you II on all your Apple devices that use the same iCloud account.
If you are uncomfortable with synchronized passkeys, your best option at the moment is to buy a YubiKey and use that to sign into II (and remove the Apple devices).
Well, thank you for your answer. Does that mean if my iCloud account is compromised, my nns account is also compromised ?
Depends on what you mean by “compromised”. Apple explains it on the page linked in the answer above. The article says “Passkeys sync across a user’s devices using iCloud Keychain” and “To protect against unauthorized access, any Apple ID using iCloud Keychain requires two-factor authentication.” So that two-factor authentication seems to be your only protection. This means that besides your apple id password the attacker would also need for example:
- access to an unlocked apple device of yours (that is connected to your apple id) because that would display the second-factor verification code
- access to your text messages (directly on your phone or by SIM-swap) because the article says “six-digit verification code that’s displayed on the user’s trusted devices or sent to a trusted phone number”
- some luck guessing the six-digit number (not sure how many attempts you have)
It is kind of ironic that the passkeys themselves are protected by biometric factors and were invented to eliminate passwords, but at the root of it all, at the root of the iCloud keychain, there is a simple password + otp and even password + sms mechanism.