With iMessage Contact Key Verification, users facing extraordinary digital threats, such as journalists, human rights activists, and government members, can choose to add additional security to their chat connection. They do this by further verifying that they are only messaging with the people they want.
Contacts Key Verification provides additional security by detecting advanced threats against iMessage servers and allowing you to verify that you are only exchanging messages with those you intend to.
How iMessage key verification of contacts works
When you use iMessage, your messages are encrypted end-to-end so that no one other than you and the person you’re exchanging messages with can read them as they’re sent between devices, not even Apple. Contact Key Verification further protects your iMessage conversations and helps verify that you’re only messaging with those you intend to.
- iMessage key verification of contacts automatically verifies that you’re exchanging messages with who you intend to. In iMessage conversations with people who have also enabled iMessage contact key verification, you’ll see a warning if there’s an error in this verification process. These warnings help ensure that even a very sophisticated attacker cannot impersonate someone else in the conversation.
- Additionally, you can manually verify contacts by comparing verification codes. When you manually verify a contact, iMessage Contacts Key Verification checks whether the code you saved matches the code provided by the iMessage servers for that contact. You will receive a warning if the verification code changes.
iMessage Key Verification Terms
To make your iMessage conversations extra secure, there are a number of conditions that you and your conversation partner must meet. We list them for you below.
- iOS 17.2, watchOS 9.2 and macOS 14.2 or newer must be installed on all devices where you are signed in to iMessage with your Apple ID
- Signed in to iCloud and iMessage with the same Apple ID
- iCloud Keychain enabled on all devices
- Two-factor authentication must be enabled for your Apple ID
- Your devices must be protected with a passcode or password
If you have a device that can’t be updated to the latest software version, you’ll need to sign out of iMessage on that device before you can enable key authentication of contacts from iMessage.
Enable key authentication for contacts
- Open Settings or ‘System Settings’ on your iPhone, iPad or Mac
- Select your name and scroll down
- Tap or click ‘Contact Key Verification’
- Turn on Authentication in iMessage
- Confirm with ‘Continue’
When you enable key verification of contacts from iMessage on any of your Apple devices, the feature will be enabled for all devices where you are signed in with your Apple ID.
Verify contacts manually
Once you enable the option, you will have the option to manually verify contacts with iMessage contacts key verification. You do this to be completely sure that you are actually exchanging messages with who you intend to do so. You can only do this if those people are saved in the Contacts app. This is how you proceed:
On-device comparison
- Open Messages and go to the conversation
- Tap the contact’s name to view the conversation details
- Scroll down and tap ‘Verify contact…’
- Once the other person also taps ‘Verify Contact’, a code will appear
- Verify the code with the contact in person, for example via FaceTime or other secure call
If the codes match, tap or click Mark as Verified to add the verification code to that person’s contact card. If the codes don’t match, you may be exchanging messages with the wrong person. It might be a good idea to stop sending messages until you are sure you are contacting the right person.
Public verification code to share
- Open Settings or ‘System Settings’ on your iPhone, iPad or Mac
- Select your name and scroll down
- Tap or click ‘Contact Key Verification’
- Select ‘Show public verification code’
- Choose ‘Copy verification code’ to share the code
You can now share the code directly with another person or post it online for others to use. Your public verification code does not contain any private information. You can also use other people’s public verification codes to verify them. Please note, the safest way is of course one-on-one by comparing manually via a device.
Use public verification code
To mark a contact as verified, you can copy and paste the person’s public verification code into the corresponding contact card to mark the contact as verified.
- At the top of the iMessage conversation, select the contact’s name.
- Tap or click Info, then choose Edit.
- In the ‘verification code’ field, enter the public verification code that the contact shared
If you don’t see the ‘verification code’ field, you may need to select the ‘Add (+)’ button, ‘More fields’ and ‘verification code’. If the contact’s public verification code matches and is verified by iMessage Contacts Key Verification, a check mark will appear in the associated contact card and next to the contact’s name in iMessage conversations. If not, it might be wise to check whether you have entered the code correctly or whether you are contacting the correct person.
Receive alerts
If iMessage Contacts Key Verification detects a validation error or other issue, you’ll get an alert in iMessage conversations with people who also have iMessage Contacts Key Verification enabled. This could be in the event of an error or when the connection is no longer secure. Click here to learn more about the different ones key verification alerts.
Learn more about iMessage key verification
With the launch of iMessage, Apple pioneered the use of end-to-end encryption in consumer communications services, so that messages could only be read by the sender and recipients. FaceTime has also used encryption since launch to keep conversations private and secure.
With iMessage Key Authentication for Contacts, Apple goes one step further and allows users facing extraordinary digital threats to choose to add extra security to their chat connection. As a ‘normal’ consumer you may not easily enable this function, but it is an extra addition for people who really need it.