The most recent update for iOS, iPadOS, and macOS brought a number of improvements and other changes, but one that stands out is the introduction of support for FIDO Certified security keys for Apple IDs. Apple has since detailed how these keys work with your Apple ID, and how you can use them to secure your account.

What are security keys? What is FIDO?

Security keys are made to replace passwords, and they add a layer of protection to your account. If you have two-factor authentication, that requires you to have two different types of information to log into your account. The first is your password, and the second is typically something like a verification code. By pairing a security key, you would no longer need to rely on the traditional two-factor authentication code sent to your authorized Apple devices or via SMS. A security key can't be intercepted or stolen, unlike an authentication code that might be texted to you.

FIDO (Fast ID Online) is a set of authentication protocols aimed at eliminating passwords, developed by the FIDO Alliance. Apple, alongside Microsoft and Google, committed to supporting passwordless sign-in made possible by these authentication protocols in the middle of last year. iOS 16.3 beta 1 then brought the first level of support for these keys so that users could try them out.

What can a security key do for my Apple ID?

A security key adds an additional layer of protection to your account, and you'll need your security key after setting it up with your account to do the following:

  • Sign in with your Apple ID on a new device or on the web
  • Reset your Apple ID password or unlock your Apple ID
  • Add additional security keys or remove a security key

Because of how important security keys are to your Apple ID once you set them up, you need to have at least two of them. That means if you lose one, you can still access your account, and also means you can store a spare one in a safe place just in case. For example, if you're traveling, you may elect to leave one at home.

Setting up security keys for your Apple ID

While Apple doesn't say, user reports suggest that the FIDO protocol being used is the Client to Authenticator Protocol 2, or CTAP2. You'll need the following to set up a security key with your Apple ID.

  • At least two physical FIDO Certified keys with CTAP2 support.
  • iOS 16.3, iPadOS 16.3, macOS Ventura 13.2 on all devices that are signed in to your Apple ID.
  • Two-factor authentication set up for your Apple ID.
  • A modern web browser. Note that the latest nightly build of Firefox, Firefox 109, does not support the security key standard that Apple uses.
  • To sign in on an Apple Watch, Apple TV, or HomePod after configuring your security keys, you'll need an iPad or iPhone that supports security keys.

There are a number of limitations though that you need to be aware of if you do set up security keys on your Apple ID.

  • You won't be able to sign in to iCloud for Windows
  • You can't sign in to older devices that can't update to a software version that supports security keys
  • Child accounts and managed Apple IDs aren't supported
  • Apple Watches that are paired with a family member's iPhone aren't supported. To use security keys, first set up your watch with your own iPhone.

Choosing the right security key for your device

Depending on what your primary devices are, it will change what you can use to log in to your Apple ID. For example, iPhones support NFC, so keys that work over NFC will work, but only with your iPhone. You can use a USB-C security key with an iPad, Mac, or an iPhone using a Lightning to USB-C adapter. Finally, USB-A security keys will work with older Macs or with a USB-C to USB-A adapter.

Apple suggests the following security keys as good examples of what will work with your Apple ID.

  • YubiKey 5C NFC (works with most Mac and iPhone models)
  • YubiKey 5Ci (works with most Mac and iPhone models)
  • FEITAN ePass K9 NFC USB-A (works with older Mac models and most iPhone models)

How to add a security key to your Apple ID

If you're set on adding a security key to your Apple ID, you can do the following depending on what device you own.

On iPhone or iPad

  1. Open the Settings app.
  2. Tap your name, then tap Password & Security.
  3. Tap Add Security Keys, then follow the onscreen instructions to add your keys.
  4. Review the devices associated with your Apple ID, then choose to:
    • Stay signed in to all active devices.
    • Select devices that you don't want to continue to have access to your account and sign out of them.

Apple ID Security Keys on iOS 16.3 beta 1

On Mac

  1. From the Apple menu , choose System Settings, then click your name.
  2. Click Password & Security.
  3. Next to Security Keys, click Add, then follow the onscreen instructions to add your keys.
  4. Review the devices associated with your Apple ID, then choose to:
    • Stay signed in to all devices.
    • Select devices that you don't want to continue to have access to your account and sign out of them.

Be sure to check out the guide linked below on Apple's own website as well for setting up security keys if you run into any problems!

Source: Apple