Information
Apple has introduced the capability of using security keys to protect AppleIDs using two-factor authentication in macOS Ventura 13.2 and in iOS 16.3 and iPadOS 16.3. This feature along with the purchase of two hardware tokens (a backup device is required) protects against the compromise of AppleIDs. This feature requires all devices using an enrolled Apple ID to meet the minimum OS standard.
Rationale:
Users of Apple devices are supported across their devices by using the same Apple ID to support shard data in both iCloud and across devices. Compromising an AppleID has become a very attractive target for attackers to gain unauthorized access to iCloud storage and user devices. Two-factor authentication reduces the risk.
Impact:
Legacy devices and test machines will be challenging to ensure that they are all running recent Operating Systems that can utilize Security Keys. It is best practice not to use AppleIDs with access to current user data on legacy and test machines. Technical staff that use legacy devices are encouraged to create additional Apple IDs that do not need two-factor protection and can be used for testing on legacy devices when required.
NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.
Solution
Graphical Method:
Perform the following steps to set Security Keys is set to your organization's requirements:
Open System Settings
Select Apple ID
Select Password & Security
Select Add.. to add a security key, or Remove All Security Keys ro remove security keys, to meet your organization's requirements