Like any form of multi-factor authentication (MFA), Security Keys for Apple ID is designed to ensure that you’re the only one who can access your account — in this case, your Apple ID account.
If used correctly, it can provide you with an extra layer of protection against phishing, social engineering scams and many other cyber attacks. The idea is that even if a hacker does know your password, they can’t access your account without also having access to the physical key.
The first layer of authentication is your Apple ID username and password. In this case, the physical key is the second layer of authentication — you need it in your possession to access your account, something which prevents attackers from remotely stealing MFA access codes sent using an app or SMS.
Because while MFA applications do help to keep accounts secure, hackers can still remotely intercept codes.
If your account is protected with Security Keys for Apple ID, it’s much harder for someone to access your account, because not only would they need your password, they’d need physical access to your device and your hardware key.