Quick Links
Key Takeaways
To register a hardware security key with your Apple ID, open Settings and go to Password & Security > Add Security Keys. Follow the onscreen prompts, then you'll need to have your security key with you every time you log into your Apple ID.
Did you know you can secure your Apple ID and other services on your iPhone or iPad with a physical security key? These keys bolster security and simplify two-factor login. Here's how it works, and some recommendations for getting started.
What Is a Security Key?
Hardware security keys are small physical devices you can use to authenticate yourself, and it works in place of other authentication methods. Most popular services in fact now offer (and many require) two-factor authentication (2FA) to protect your accounts. 2FA relies on two things: something you know (your password) and something in your possession (usually your smartphone). Once you've entered your password you can either use an authenticator app to receive a code or have the code sent to you via SMS.
On top of a password, 2FA adds another layer of security. Security keys slot nicely into this equation by replacing the security code delivered by authenticator apps or SMS. Instead of relying on your smartphone, you can offload this duty to a physical key in your possession.
You can keep this key on a keychain next to your house and car keys, and use it to authenticate login attempts. This removes the risk of SMS codes being intercepted by someone who has "SIM-jacked" your phone number, or someone who happens to have access to your smartphone and authenticator app.
Unfortunately, it also means that without your security key, you're unable to log in. Like any other key you own, a security key could be stolen (though any would-be intruders would also need to know your password to gain access to accounts).
Buying the Right Security Key
For many of us, our Apple ID holds the keys to much of our digital life. This includes iCloud email accounts, calendars, messages, subscriptions and purchases, the ability to locate and remotely wipe devices, find AirTags, and more. It's arguably the most compelling account you'll want to lock down, so if you're going to buy a security key you'll probably want one that has Apple's blessing.
Though any FIDO Certified key should work, Apple makes a few specific recommendations like the YubiKey 5C NFC which should work with most iPhone models on account of NFC functionality. It should also work with most Mac models since it's fitted with a USB-C port too.
Yubico - YubiKey 5C NFC
Authenticate wirelessly with the YubiKey 5C NFC for great compatibility with most iPhone, iPad, and Mac models.
Apple also recommends the YubiKey 5Ci (with both USB-C and Lightning connectors) and the FEITAN ePass K9 NFC USB-A for users who are restricted to Mac models with older USB-A connectors. Note that Apple requires you to register two security keys (one being a backup) when securing an Apple ID account, so plan on purchasing a pair if you want to use them for your Apple ID.
How to Protect Your Apple ID with a Security Key
You can protect your Apple ID as of iOS 16.3 (and iPadOS 16.3 or macOS Ventura 13.2) by registering at least two FIDO Certified security keys. This will protect your Apple ID across a range of devices, provided you have two-factor authentication enabled on your Apple ID first. You'll need to register two so that you have a backup in case you lose one.
To protect your Apple ID with a security key on an iPhone or iPad, head to Settings and tap on your name at the top of the screen followed by Password & Security > Add Security Keys.
You'll be asked to review devices that are currently signed in to your Apple ID, then you'll be able to follow the on-screen instructions to register your key. You can use NFC (wireless) or Lightning security keys with an iPhone, but iPad models with a USB-C port can use USB-C-based security keys instead.
Once you've done this, you'll need access to your security key and an iPhone or iPad running iOS (or iPadOS) 16.3 to sign in on your Apple Watch, Apple TV, or HomePod. You won't be able to sign in with your security key using iCloud for Windows or devices running earlier software versions than those listed above.
You'll also need to use a trusted device (that you have already logged in using a security key) to sign in on the web, reset passwords or regain access to a locked Apple ID, add additional security keys to your account, or remove security keys from your account.
How to Use a Security Key with Other Apps
Other services (like Google and Facebook) have had support for security keys for a while. You can log in to these services using your security key on an iPhone or iPad, whether it has Lightning or NFC (or USB-C) connectivity. It works in both dedicated apps and websites through Safari.
You'll need to register your security keys using the service itself. So to add a security key for your Google account, log in as normal then navigate to "Manage Your Google Account" under your user icon then head to Security > 2-Step Verification > Security Key then use the "Add Security key" button to register your key.
You'll need to do this for any additional services you want to use with your security key. Many services now support this type of login including Instagram, eBay, and 1Password, and may even require it. Not all services are compatible with all types of keys, so you may need to do some research before you buy.
When you log in to an account that requires the use of your security key you should be presented with a prompt to verify using Lightning or NFC (and USB-C on an iPad).
While you're securing your devices and apps, learn how you can make your iPhone more secure when locked, get started with a password manager, and generally stay secure online.