Apple adds YubiKey support to Apple ID

Beginning with iOS 16.3, iPadOS 16.3, and macOS 13.2, Apple has introduced three advanced security features focused on protecting against threats to user data in the cloud, representing the next step in its ongoing effort to provide users with even stronger ways to protect their data.

• Security Keys for Apple ID - users have the choice to require a physical security key to sign in to their Apple ID account instead of verification codes. (Note: This is not for unlocking devices each time, it is for when signing in with your Apple ID on the web or on a new device where you haven't signed in before). 
• Advanced Data Protection for iCloud - uses end-to-end encryption to provide Apple’s highest level of cloud data security, users have the choice to further protect important iCloud data, including iCloud Backup, Photos, Notes, and more.
• iMessage Contact Key Verification - users can verify they are communicating only with whom they intend.

How do YubiKeys work with Apple ID accounts?

Since 2015, Apple has supported two factor authentication when logging into an Apple ID account. With the release of iOS 16.3, iPadOS 16.3 and macOS 13.2,  users will have the option to use a YubiKey to login (via NFC or inserting the YubiKey).  

For users who opt in, Security Keys strengthens Apple’s two-factor authentication by requiring a hardware security key as one of the two factors when signing into a new device. This takes two-factor authentication even further, preventing even an advanced attacker from obtaining a user’s second factor in a phishing scam.

You will need to run a specific version of Apple software to setup YubiKeys.

Which YubiKey do I need?

YubiKeys are available at Trust Panda (Official Yubico Gold Certified Ecommerce Partner) and are dispatched daily from our warehouse in Sydney, Australia. 

Apple requires that you have two (2) physical YubiKeys - this ensures you can always sign in to your account, even if you lose one. You can add up to six (6) physical YubiKeys to your Apple ID. 

* iPad Pro Users - please read Yubico KB.

Note: the YubiKey 5Ci does not have NFC and will require you to insert the key into your Apple devices. 

Do I need a spare YubiKey?

Apple requires two (2) physical YubiKeys to enrol. You should store your YubiKeys separately and in a safe place. If you lose your YubiKey, Apple will not be able to help you access your account. There is no recovery method if you lose both of your YubiKeys. 

If you're travelling, you might want to leave one of your YubiKeys at home. 

Can I use the YubiKey with other applications?

You sure can! Check out the Works with YubiKey Catalogue.

Do YubiKeys work on both Apple and PC?

Yes. You do not need a different YubiKey when using it across different operating systems across different applications. (Note: You can't sign into iCloud for Windows when using a YubiKey). 

What doesn't work with Security Keys for Apple ID?

• You can't sign into iCloud for Windows
• You can't sign in to older devices that can't be updated to a software version that supports security keys
• Child accounts and managed Apple IDs aren't supported
• Apple Watches that are paired with a family members iPhone aren't supported. (To use YubiKeys, first setup your watch with your own iPhone).

When will iOS/iPadOS 16.3 and macOS 13.2 be released?

iOS 16.3, iPadOS 16.3, and macOS 13.2 are now available for download. Apple released these versions on 24 January 2023.

How do I get started? Where can I get more info?

There are certain requirements (such as minimum operating system) that need to be met. You can learn more by visiting:

• Yubico - Protecting Apple iCloud with YubiKeys
• Apple - About Security Keys for Apple ID