Apple has long had the support for text message and push notifications for its two-factor authentication for Apple ID accounts. However, as more and more iPhones, Macs and Apple Watches are being used by celebrities, heads of state and high ranking officials, both in the US and abroad, Apple has felt the need to exponentially increase security of Apple accounts for those folks that need it.
Apple improved security by releasing support for physical security keys for authenticating with your Apple account. This takes the place of the text message or two-factor push notification. Instead, it uses a physical key that you plug into your iPhone, iPad or Mac to authenticate yourself after entering your username and password.
This feature isn’t for everyone, but if you fall into a category of users that needs enhanced security and account protection, then enabling this feature can drastically increase your security of iCloud data.
In this article, we’ll cover choosing the right key, setting up security keys, and also how to use security keys on your iOS and macOS devices.
Choosing a key
Apple officially supports any security key that follows the FIDO Security Key spec. In particular, Apple recognizes these keys as being good examples:
- YubiKey 5C NFC.
- YubiKey 5Ci.
- FEITIAN ePass K9 NFC USB-A.
When choosing a key, they come in many different standards and connection technologies, including NFC, USB-C, Lightning and USB-A. You can find the full array of FIDO-compatible products here.
You’ll have to purchase two keys to set up your Apple ID account to use security keys, so you can choose an array of technologies. Ensure that the majority of your Apple products can use either key to authenticate, as you will use the key each time you authenticate.
Setting up security keys on Apple accounts
You should consider the following before you begin:
- Your devices must be on iOS 16.3, iPadOS 16.3, or macOS Ventura 13.2 or later. All devices on your Apple ID must be upgraded before you begin.
- Two-factor authentication must be set up for your Apple ID before you begin
- You will be required to have at least two FIDO-certified keys to proceed with setup
- To sign in to Apple Watch, Apple TV or HomePod after you set up security keys, you need an iPhone or iPad with a software version that supports security keys
- To authenticate with iCloud on the web, you’ll need a modern web browser, such as the latest version of Safari on the Mac.
The following does not work with Apple security keys:
- You cannot sign in to iCloud for Windows with security keys enabled.
- You cannot sign in to iCloud on older Apple devices that don’t meet the minimum software requirement above.
- Child and managed Apple IDs aren’t supported with security keys.
- Apple Watches that are paired with a family member’s iPhone aren’t supported. To use security keys, first set up your watch with your own iPhone.
To begin on iPhone or iPad:
- Open the Settings app.
- Tap on your name at the top.
- Select Password & Security | Add Security Keys.
To begin on macOS:
- Select Apple menu | System Settings.
- Tap your name at the top.
- Select Password & Security | Add Security Keys.
Follow the setup wizard here regardless of which device you’re setting up the key on, and it’ll guide you through the process of scanning or inserting your key to register it with your Apple ID account (Figure A).
Figure A
Using a security key to authenticate with your Apple account
Once you’ve set up security keys on your account, then you will be prompted to insert or tap the security on your device whenever you need to authenticate through iCloud.
A prompt similar to Face ID will be displayed when you need to be prompted to authenticate with your key and inserting the key into the device will complete the activation.
Security keys can also be used to reset your Apple ID in the event that you’ve forgotten your password.
Removing security keys from your Apple ID account
Up to six security keys can be paired to your Apple ID account, but there may come a time when you need to remove a key. To manage your security keys, do the following:
- Open Settings.
- Tap your name at the top.
- Select Password & Security | Security Keys.
From here, tap Remove All, or tap Remove beside a single key. If you remove all of the security keys from your account, then Apple will revert to sending you a six digit push notification or text message to authenticate using two-factor authentication instead.
If you need to learn more about security keys, visit Apple’s help documentation for security keys.