Connect with us

Technology

Apple passkey technology transforms Mac security with biometric authentication, encrypted storage

Published

on

Apple passkey technology transforms Mac security with biometric authentication, encrypted storage

NEWYou can now listen to Fox News articles!

Your Mac holds a lot more than just files. It carries your personal information, payment data, messages and every online account you access. Keeping that information safe starts with how you sign in. For years, passwords have been the standard way to protect accounts, but they are also one of the weakest links in digital security. They can be guessed, stolen or reused across multiple sites.

Apple’s introduction of passkeys marks a major step forward. Instead of relying on something you need to remember, passkeys rely on something you have (your trusted Apple device) and something you are, like your fingerprint or face. Together with iCloud Keychain and two-factor authentication, passkeys create a seamless and much safer way to secure your Mac and your digital life.

What are passkeys?

Passkeys are a modern alternative to passwords. They use public key cryptography to let you sign in without ever creating or typing a password. When you register for an account using a passkey, your Mac creates two unique keys. One is public and stored by the website or app, and the other is private and stays securely on your device.

The public key is not sensitive information. The private key, on the other hand, never leaves your Mac and is protected behind your device’s security features. When you sign in, Touch ID or Face ID confirms your identity before your Mac uses the private key to authenticate you. This process prevents phishing and password leaks because no shared secret is ever transmitted to the website.

Advertisement

Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter.

HOW TO USE PASSKEYS TO KEEP YOUR COMPUTER SAFE

A passkey on your Mac replaces passwords with a faster, more secure way to sign in. (Kurt “CyberGuy” Knutsson)

How Apple keeps passkeys secure

Passkeys are stored and synced across your devices through iCloud Keychain, which is protected by end-to-end encryption. This means that not even Apple can access your passkeys or passwords. iCloud Keychain also has built-in protection against brute force attacks, even if someone were to gain unauthorized access to Apple’s servers.

If you lose your devices, you can still recover your passkeys through iCloud Keychain recovery. To do this, you must sign in with your Apple ID and password, verify your identity with a code sent to your trusted number and confirm using your device passcode. The system limits the number of attempts, and if too many failed attempts occur, the recovery record is locked or destroyed to prevent misuse.

Advertisement

You can also set an account recovery contact to make sure you never lose access, even if you forget your Apple ID password or device passcode. This multi-layered design ensures that your data remains secure even in extreme scenarios, such as a compromised Apple account or cloud breach.

How to set up passkeys on your Mac

Setting up passkeys is simple and requires iCloud Keychain to be enabled.

  • Choose the Apple menu, then select System Settings.
  • Click your name, then click iCloud.
  • Click Passwords. In macOS Sonoma or earlier, click Passwords & Keychain.
  • Click Sync this Mac, then click Done.
  • When you sign up for a website or app that supports passkeys, you’ll now see the option to create a passkey.
  • If your Mac has Touch ID, place your finger on the sensor to confirm.
  • If you are using an iPhone or iPad nearby, select Other Options and scan the QR code shown on your Mac to confirm with Face ID.
  • You can also replace an existing password by visiting the account settings of a supported website or app and selecting the option to switch to a passkey.

Once created, your passkeys are automatically stored in iCloud Keychain and available on all devices signed in with the same Apple ID.

Major services that support passkeys

Passkey adoption is growing quickly across major tech platforms. As of now, many of the biggest online services already let you sign in without a password.

Some of the key ones include:

  • Google
  • Microsoft
  • Apple
  • Amazon
  • PayPal
  • GitHub
  • Uber
  • eBay
  • WhatsApp
  • Facebook

Support for passkeys continues to expand every month as more companies integrate the technology into their login systems. On most of these platforms, you can now create new accounts or switch your existing ones to passkeys for faster, more secure sign-ins.

Each passkey is unique to your account and safely stored in your device’s iCloud Keychain. (iStock)

Advertisement

6 additional steps to keep your Mac safe

Passkeys add a strong layer of protection, but good security habits still matter. Here are more steps to strengthen your Mac’s defenses. 

1) Enable two-factor authentication

Two-factor authentication (2FA) adds another layer of protection to your Apple ID. It works by requiring two forms of verification: your password and a one-time code sent to a trusted device or phone number. This means that even if someone somehow gets your password, they still cannot access your account without also having your device.

10 WAYS TO SECURE YOUR OLDER MAC FROM THREATS AND MALWARE

2) Review your trusted devices and numbers

Regularly check which devices and phone numbers are linked to your Apple ID. On your Mac, click the Apple icon in the upper left of the screen. Then go to System Settings → Apple ID → Devices and remove anything you don’t recognize. Make sure your trusted phone number is still current, since it’s critical for account recovery.

3) Use a password manager

Even though passkeys are replacing passwords, many sites still rely on traditional logins. A password manager helps you create, store and fill in unique passwords for every account. iCloud Keychain can do this automatically across all your Apple devices, but if you want more flexibility, you might want to consider a third-party password manager.

Advertisement

Next, see if your email has been exposed in past breaches. Our No. 1 password manager pick includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials. 

Check out the best expert-reviewed password managers of 2025 at Cyberguy.com.

4) Be wary of phishing attempts and install strong antivirus software

Phishing remains one of the most common ways attackers try to steal personal information. They may send fake emails or messages pretending to be from Apple or other trusted companies, urging you to click links or provide login details. Always double-check the sender’s address and avoid clicking on links that seem suspicious. Instead, visit the website directly by typing the address into your browser.

While macOS has strong built-in defenses such as Gatekeeper and XProtect, installing strong antivirus software adds another layer of protection against malware, adware and potentially unwanted programs. Strong antivirus software continuously monitors your system for suspicious behavior and can alert you to threats before they cause damage. It is especially useful if you download files from outside the App Store or connect external drives frequently.

The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

Advertisement

Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices at Cyberguy.com.

Using a passkey with Touch ID or Face ID keeps your information protected from phishing and leaks. (Kurt “CyberGuy” Knutsson)

5) Turn On FileVault disk encryption

FileVault protects everything stored on your Mac by encrypting the entire hard drive. That means if your computer is ever lost or stolen, your data stays locked away from prying eyes. Go to System Settings → Privacy & Security → FileVault to enable it.

6) Keep macOS updated automatically

Apple regularly releases software updates that include important security patches. Cybercriminals often target outdated systems because they contain known vulnerabilities. By keeping macOS and your apps up to date, you make it harder for attackers to exploit weaknesses. To make this effortless, turn on Automatic Updates under System Settings → General → Software Update → Automatic Updates.

7) Back up with time machine

Backing up your Mac is just as important as protecting it. Time Machine automatically backs up your files to an external drive or network disk, keeping your data safe from ransomware, hardware failure or accidental deletion. Make sure your backup drive is encrypted for extra protection.

Advertisement

HOW A SINGLE MACBOOK COMPROMISE SPREAD ACROSS A USER’S APPLE DEVICES

8) Use a data removal service

Even with passkeys, your personal information can still be exposed through data broker sites that collect and sell your details. Using a data removal service can help remove your private data from hundreds of these sites automatically. It’s an effective way to reduce your online footprint and protect your identity, especially when combined with Apple’s built-in security tools.

While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.

Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com.

Get a free scan to find out if your personal information is already out on the web: Cyberguy.com.

Advertisement

CLICK HERE TO DOWNLOAD THE FOX NEWS APP

Kurt’s key takeaway

Passwords have served us for decades, but they are no longer enough to protect our digital identities. Passkeys make signing in faster, easier and significantly more secure by removing the weaknesses of traditional passwords. Combined with Apple’s encryption, iCloud Keychain and two-factor authentication, they represent one of the safest ways to protect your Mac and everything on it.

Have you tried using passkeys yet on your Mac, and what was your experience like? Let us know by writing to us at Cyberguy.com.

Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter.

Copyright 2025 CyberGuy.com.  All rights reserved.  

Advertisement

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Technology

No, Flock isn’t threatening people for debating surveillance

Published

on

No, Flock isn’t threatening people for debating surveillance

We’re aware of at least two forged letters circulating on the internet, including this one, that purport to be cease-and-desist letters from our legal department. To be clear: these letters did not come from me or from anyone at Flock.

Flock welcomes and encourages public debate about our technology. We have not and would not seek to discourage, prevent, or prohibit such discussion and debate. In fact, we would be happy to participate in any such discussions the group in question might host in the future.

Continue Reading

Technology

Fake VA shoe offer targets veterans

Published

on

Fake VA shoe offer targets veterans

NEWYou can now listen to Fox News articles!

A flyer offering “free athletic shoes from VA” may look official at first glance. It uses VA-style branding, talks about health and wellness and even lists the MyVA phone number. That is what makes it so dangerous.

VA says the message falsely claims Veterans can receive free athletic shoes from VA. The agency says the promotion did not come from VA and has no connection to any official VA program.

The scam appears to be spreading through a flyer and online posts. It tells Veterans they may be eligible for free athletic shoes “at no cost to you.” It also shows popular shoe brands, steps to “redeem” shoes and a process that appears to involve a VA provider.

That may be enough to get someone to click, call, share or forward before they stop to think.

Advertisement

MEDICAL IDENTITY THEFT FOLLOWS YOU INTO THE DOCTOR’S OFFICE

Veterans are being warned not to click links, scan QR codes or share personal information tied to a fake VA shoe offer. (Kira Hofmann/picture alliance via Getty Images)

Sign up for my FREE CyberGuy Report

  • Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox.
  • For simple, real-world ways to spot scams early and stay protected, visit CyberGuy.com – trusted by millions who watch CyberGuy on TV daily.
  • Plus, you’ll get instant access to my Ultimate Scam Survival Guide free when you join.

Fake VA shoe offer: what VA says

VA says the free athletic shoe promotion is fake. It did not come from an official VA program, including VPRs, Central Office or Whole Health.

That is important because the flyer borrows the look and feel of a trusted government agency. It also uses health language to make the offer sound like a wellness benefit.

But let’s be real here. A free pair of shoes can sound harmless until the next step asks for your personal details.

Advertisement

Why the fake VA shoe flyer looks so believable

This scam works because it mixes familiar names with an official-looking design. The flyer uses VA branding, a health-focused message and well-known athletic shoe brands.

It also presents the offer as a benefit. That can make people feel like they may miss out if they do not act.

Scammers know that veterans and families often deal with a lot of paperwork, benefit updates and health care messages. A fake flyer can slide into that confusion and feel more believable than it should.

How scammers use real VA details to build trust

One sneaky detail stands out. The flyer lists the MyVA number, but that alone does not make the flyer real.

Scammers often mix real information with fake offers. A real phone number, real logo or familiar agency name can make people lower their guard.

Advertisement

That is why you should verify the offer through VA.gov, your official VA account or your local VA facility before responding.

What the fake VA shoe offer could steal

The flyer may look like it is only about shoes. The bigger risk comes next.

A fake offer like this could lead to a phishing page, a bogus form, a QR code trap or someone asking for sensitive details. That could include your Social Security number, VA login information, health information, address, bank details or credit card number.

Scammers may also use the information to target you again. Once they know you responded to a fake VA offer, they may try a follow-up call, text or email.

DR OZ WARNS MEDICARE SCAMMERS ARE STEALING BILLIONS — AND YOUR PERSONAL INFORMATION COULD BE NEXT

Advertisement

A fake flyer claiming Veterans can get free athletic shoes from VA is spreading online, but the agency says it is not tied to any official program. (U.S. Department of Veterans Affairs)

What to do if you see the fake VA shoe offer

Do not share it. Do not forward it. Do not fill out a form. Do not scan any code connected to it.

Also, do not provide personal, financial or health information because of this flyer.

Instead, warn veterans, family members and colleagues without spreading the image. A quick heads-up can help someone avoid a costly mistake.

Ways to stay safe from VA scams

A few smart habits can help you spot fake VA messages before they turn into a bigger problem.

Advertisement

1) Verify the offer through VA.gov

Go directly to VA.gov or use your official VA account. Do not rely on a flyer, social media post, text message or forwarded image.

2) Do not scan QR codes or click links

A scam flyer may send you to a fake website that looks official. Type the web address yourself or search for the VA page directly.

3) Never share VA login details

Do not give anyone your VA.gov username, password or sign-in code. VA says it will not ask you to share login credentials in an email.

4) Protect personal and health information

Treat your Social Security number, address, date of birth, medical information and benefits details as sensitive. A free offer should never require that kind of information from a random form.

QR CODE EMAIL SCAM TARGETS EMPLOYEE REVIEWS

Advertisement

VA says veterans should verify suspicious benefit offers through VA.gov, an official VA account or a local VA facility. (Antonio Diaz / Getty Images)

5) Call VA using a trusted number

If you have questions, contact VA through an official phone number, the VA website or your local VA facility. Do not trust contact details from a suspicious flyer alone.

6) Report the fake VA shoe offer

Veterans who suspect fraud can report it through VSAFE.gov or call 1-833-38V-SAFE. Reports help VA and other agencies track scams that target veterans.

7) Use strong antivirus protection

Strong antivirus software can help protect you if you click a bad link, scan a risky QR code or land on a fake website tied to a scam. Good protection can block malicious pages, warn you about suspicious downloads and help stop malware before it does damage. Get my picks for the best 2026 antivirus protection winners for your Windows, Mac, Android and iOS devices at Cyberguy.com.

8) Consider a data removal service

Scammers often use personal details found online to make fake offers feel more believable. A data removal service can help reduce how much of your information is sitting on people-search sites, including your address, phone number and other details that can be used to target you. Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting CyberGuy.com.

Advertisement

9) Take action fast if you responded

If you already clicked, scanned, called or shared information, change your VA.gov password right away. Use a trusted password manager to create and store a strong, unique password you do not use anywhere else. Turn on multifactor authentication if you have not already done that. Then watch your accounts for suspicious activity.

10) Warn others without forwarding the flyer

Tell family members, friends and veteran groups that the offer is fake, but do not send the flyer along with your warning. Even if your goal is to help, someone else may miss your warning, save the image or share it again. Instead, send a short message that says the free VA shoe offer is a scam and tell them to verify any VA benefit through VA.gov or their local VA facility.

Kurt’s key takeaways

A free pair of shoes can make you drop your guard, especially when the flyer uses VA branding and familiar shoe names. That is the whole trick. Scammers are using trust to push veterans and families toward a bad link, a fake form or a request for personal info. Slow down and verify it through VA.gov or your local VA facility. And if you want to warn someone, send them a message saying the offer is fake instead of forwarding the flyer itself. That keeps the scam from spreading.

Would this fake VA shoe offer have made you pause, or would the official-looking design have fooled you? Let us know by writing to us at CyberGuy.com.

CLICK HERE TO DOWNLOAD THE FOX NEWS APP

Advertisement

Sign up for my FREE CyberGuy Report

  • Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox.
  • For simple, real-world ways to spot scams early and stay protected, visit CyberGuy.com – trusted by millions who watch CyberGuy on TV daily.
  • Plus, you’ll get instant access to my Ultimate Scam Survival Guide free when you join.

Copyright 2026 CyberGuy.com. All rights reserved.

Continue Reading

Technology

I spent a week using the Trump phone — it sucks

Published

on

I spent a week using the Trump phone — it sucks

The Trump phone was never a serious phone. Not when it was announced last June, in dodgy renders and with an incoherent spec sheet. Nor when Trump Mobile admitted — just two weeks later — that it wouldn’t be made in the US. Not even when the company revealed the final phone, first to me over a video call in February and then to the world in April through a short commercial with the slick sheen of AI.

It’s now on sale for $499, past the days of its tenuous, ever-shifting release dates. A few buyers even have the phone, The Verge among them, though more still seem not to.

It’s clear now that the T1 is a real phone, but that doesn’t mean it’s a serious one. Still, for the next thousand words or so, I will try to take it seriously.

$499

The Good

  • It actually exists
  • 3.5mm headphone jack
  • MicroSD card slot
  • It basically runs stock Android

A serious phone wouldn’t look like this

The T1 Phone is a curved slab of cheap gold plastic, the smartphone equivalent of a pair of knockoff wraparound Oakleys. The gold finish — more yellow in certain light, though it certainly does shine and shimmer — is tacky in every sense, with a sticky friction that makes it feel distinctly unpleasant to the touch. My phone arrived with a tiny scratch in the top-right corner.

The phone is fairly thin, and light, but its excessively curved waterfall display feels immediately dated. It also loses one of the chief advantages of that design — better in-hand feel — thanks to the oddly angular frame, which juts into my palm as I hold it.

Advertisement

Almost every detail speaks to bad design. There’s the American flag logo, missing a stripe. The fact that “Trump Mobile” appears on the back twice, in two different orientations and two different fonts. Or the camera module, where the three lenses are spaced at irregular intervals.

Count the stripes.

I don’t think anything about this phone annoys me as much as the lens spacing.

God, I miss notification LEDs.

A headphone jack is less uncommon, but still pretty rare.

There are things to like. The 3.5mm headphone jack will have its fans, as will the microSD card slot inside the phone, or the fact that the phone ships with a case, charger, and braided USB cable. These are things that a certain type of Android fan has lamented the absence of for years.

I, for one, am more excited to be reviewing a phone with a notification light again, a true treat that I thought we’d lost forever. It’s a glimpse of a better world, one I didn’t expect from Trump Mobile of all companies. But like the curved screen, even these welcome touches betray that this is a dated, old-fashioned phone, one based on an old HTC design that already felt like a throwback two years ago.

A serious phone would work outside the US

I live in the UK, meaning I may well have the only Trump phone outside of North America. It cannot maintain any signal stronger than 2G, meaning I can use it for texts and calls but not for data. As best as I can tell from digging through the T1’s FCC certification documents, the phone simply doesn’t support the network bands commonly used in Europe.

Advertisement

The T1 Phone isn’t sold in Europe, and that misshapen flag makes its target market clear. But even Americans get to go on vacation every once in a while. From my experience, it seems unlikely that the T1 would work anywhere in Europe and perhaps not anywhere in the world outside North America.

A serious phone would use more than the minimum hardware

At first glance, the T1’s spec sheet might seem impressive enough: a 120Hz OLED screen, a 5,000mAh battery, a triple rear camera with 50-megapixel sensors.

But the truth is you could find similar specs on almost any $200 Android phone and superior ones on phones sold at this price. Hardware like this is cheap and commodified, something that’s only beginning to change thanks to the ongoing memory crisis. Here, amusingly, the T1 is generously specced: 512GB of storage and 12GB of RAM come as standard. Those, along with the inclusion of wireless charging, are the only things that really stand out on this spec sheet.

Real gold, guaranteed.

Real gold, guaranteed.

Despite all that RAM, and Qualcomm’s modestly capable Snapdragon 7 Gen 3 chipset, the T1 is often sluggish. It sometimes stutters when switching apps or triggering animations, making even basic apps like Duolingo frustrating to use. This hardware isn’t flagship, but it should certainly be more capable than this. I can only assume Trump Mobile didn’t develop the sort of software and firmware performance optimizations that other manufacturers do, handicapping the phone from the start.

Advertisement

1/16

I took the T1 Phone out with me around London to test the camera.
Photo: Dominic Preston / The Verge

I suspect the camera’s limitations are for similar reasons. The three rear lenses and single selfie camera take basic, functional photos, at least in good light — with the exception of the 8-megapixel ultrawide, which is uniformly poor.

Other phone manufacturers spend millions optimizing their image pipelines, and none of that work is evident here. Daylight photos are vivid and oversaturated, nighttime shots are noisy, and the telephoto shows no signs of electronic stabilization at all, making it feel shaky and unstable. Incredibly, by default every shot is overlaid with a strangely small T1 watermark — as if anyone should want to take credit for these photos.

1/12

While David Pierce took the excuse to test it in DC.
Photo: David Pierce / The Verge

A serious phone would have made more effort in its software

Advertisement

As the Trump phone lurched haltingly toward its launch, the going assumption from many was that it would be a bloated mess, loaded with spyware, crypto apps, and MAGA-themed experiences, putting the president’s leering face front and center.

The truth is rather more mundane. It runs Android — the nearly two-year-old Android 15, to be precise — with almost no modifications at all. This is, in fact, about as close to what the nerds call “stock” Android as you’re ever likely to get these days.

The only preinstalled apps that are out of the ordinary are Truth Social, Trump’s own social media network, and Doctegrity, a telehealth platform that’s included with Trump Mobile’s $47.45 cell service. Beyond that you get a single Trump Mobile wallpaper and those photo watermarks, and that really is that.

In a sense, that’s a good thing — I’m hardly lamenting the lack of bloatware. But there’s also no sign that Trump Mobile has the ability or the intent to optimize its phone’s software or deliver any features beyond the minimum.

Truth Social comes preinstalled, though you can get rid of it.

Truth Social comes preinstalled, though you can get rid of it.

More worryingly, Trump Mobile hasn’t announced how long it will support the phone with software updates. When I spoke to executives from the company in February, they seemed confused by my question about how many Android version updates the phone would receive, though they did insist that customers won’t “be locked into what’s there today.” For now, that means a 2024 version of Android with a February 2026 security patch; I wouldn’t hold my breath for either to be updated any time soon.

Advertisement

A serious company would put more effort in

In a strange way, the T1 Phone isn’t all that terrible, but only because it proves how hard it actually is to make a truly terrible phone these days. It’s easy enough to throw together the baseline hardware, stick Android on top, and call it a day. For better or worse, that’s more or less exactly what Trump Mobile has done. Between the simple software and the dated hardware features, the T1 is an oddly compelling phone for some old-school Android fans, but Trump Mobile got there entirely by mistake.

Premium.

Premium.

This isn’t a serious phone. It’s a marketing stunt that got out of hand, a way to grab attention and juice the subscriber count for an overpriced cell service with the president’s name on it.

Trump Mobile doesn’t care about this phone. And after the year of reporting on it that’s led to this review, I’m thrilled to finally say: Neither should you.

Follow topics and authors from this story to see more like this in your personalized homepage feed and to receive email updates.
Advertisement

Continue Reading
Advertisement

Trending