Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
iOS 16.3 and macOS Ventura 13.2 Betas Add Support for Physical Apple ID Security Keys
- Thread starter MacRumors
- Start date
- Sort by reaction score
the blue Yubico is only :
Security Key NFC by Yubico
The Security Key NFC by Yubico combines hardware-based authentication, public key cryptography, and U2F and FIDO2, along with USB and NFC capabilities all-in-one to help eliminate account takeovers across desktops, laptops and mobile.- Works out of the box with Google, Microsoft, Twitter, Facebook, and hundreds of other services
YubiKey 5 Series
Multi-protocol security key, eliminate account takeovers with strong two-factor, multi-factor and passwordless authentication, and seamless touch-to-sign. Multi-protocol support allows for strong security for legacy and modern environments. And a full range of form factors allows users to secure online accounts on all of the devices that they love, across desktops and mobile.- Multi-protocol support; FIDO2, U2F, Smart card, OTP, OpenPGP 3
- USB-A, USB-C, NFC, Lightning
- IP68 rated, crush resistant, no batteries required, no moving parts
What happens if the key (or one of the keys, in case you have back-ups) falls into the wrong hands? Will the thief be able to take hold of your account and lock you out of it? Like, say, tapping "forgot password" and using the key as proof of identity?
Of course, if you know it's missing, then you can use one of your existing Apple devices, on which you are already logged on, to remove it from your account. But what if you don't notice its absence right away?
Of course, if you know it's missing, then you can use one of your existing Apple devices, on which you are already logged on, to remove it from your account. But what if you don't notice its absence right away?
Last edited:
Trying to get my head around this... So how does the implementation of this work with Apple devices? Say I have an iPad, an iPhone, two MacBooks. I access an apple service (on any device) that would normally send me a 6 digit TOTP. Do I then instead of the code get prompted to insert or tap the physical key?
And if I don't have the physical key with me or nearby, how do I fall back to another 2fa method?
And if I don't have the physical key with me or nearby, how do I fall back to another 2fa method?
Yes.
As I understand, there's no fallback to another 2FA method. If you lose both physical keys you'll have to use either a recovery code (which you hopefully have generated in advance and stored in a safe place) or a recovery contact (i.e. a trusted friend).
Interesting... As I've noted with other providers that the security key is an additional option (in the main). Going to be tricky if Apple requires only the one method as that would require buying a key for every device or moving one key around constantly. And what of devices like Apple Watch?
I only like them if the device and the app/site I am on autofills it. The one that bugs is actually Apple's stuff. If I get the code on Android, they have those dumb boxes, so it only fills the first number.
Yea most or all of the Auth apps I've used give like eight recovery codes you need to save somewhere. I don't know how physical ones work because I never used one. Do they have a paper with codes, or can you go on a site to get them?
Yea just hope the physical key is 1 priority. Wish you could set the order. My SE is backup now and is just at home. If I want to check the card or icloud on my Android, I always have to tap multiple times to get the SMS. There needs to be a way to set SMS as 1 priority
You need one key that's always with you (on a key ring, or in your wallet, or something like that), or at least within reach, and one that's stored safely at home or in some other secure location.
It's not like you'd have to use the key every day. You only need it when you're logging into your iCloud account for the first time on a particular device - like when you buy a new phone, for instance.
The watch will be fine, as it doesn't connect to iCloud directly. It's paired to a phone, which in turn is connected to iCloud. So, it's the phone that will need the key, not the watch.
But how about an Apple TV? Unlike a watch, the Apple TV does want to connect to iCloud directly. I'm not sure how this will work. I haven't seen it mentioned anywhere.
Last edited:
Actually cellular Apple Watches I'd assume *do* connect to iCloud directly as they work independently of the iPhone, however I accept one is unlikely to be doing much on a watch that would require that level of authentication.
Good point. I forgot about those, because all Apple Watches in my family are wi-fi only. 😊
Do cellular Apple Watches work without being paired to an iPhone first? Or must they be paired anyway, and only then can they function independently? In the latter case I'd assume that the very first iCloud connection would take place via the phone, which would make a security key unnecessary for the watch itself.
Good thinking. Yes, I believe they must be paired initially but then work independently thereafter.
Not sure you ever got a response, but I used my blue Security Key as one of the two I registered this morning without issue. My other key was a 5C NFC.