If you have an iPhone, iPad, or Mac, your Apple ID is among your most important digital accounts. If it is compromised, bad actors can access your iCloud information, see your location, or outright steal your devices from you.
Keeping your Apple ID safe is obviously paramount. While code-based two-factor authentication (2FA) has been Apple’s go-to way to protect your account for years, with the latest update to iOS 16.3, you can now use physical security keys to lock up your Apple ID from would-be intruders. It’s the best way to protect your account.
What are security keys?
Security keys have been around since long before Apple decided to implement them into Apple ID. In short, they’re a small piece of hardware resembling a USB thumb drive that can be used to authenticate yourself when signing into an account or device. Once set up, you can use a security key as an alternative form of two-factor authentication (2FA). Rather than rely on an SMS code or an authenticator app to prove your identity, you connect your security key to your device to authenticate instead.
The benefits here are evident: If someone wants to break into your account, they need access to your physical security key to do so. By ensuring your key remains safely on your person, the chance of a hack dramatically decreases.
Of course, theft still happens, which is why experts recommend you combine security keys with a second form of authentication, like a password or a PIN. That way, in the event that someone steals your key, they still won’t be able to access your account without the secret code.
How security keys work with Apple ID
Up until now, Apple ID’s two-factor authentication would send you a six-digit code to a trusted device when trying to log into your Apple ID. Rather than use that code, you can now plug a security key into your iPhone, iPad, or Mac to authenticate yourself — after providing the correct password. Apple added support for security keys with iOS 16.3 for iPhone, iPadOS 16.3 for iPad, and macOS Ventura 13.2 for Mac.
Apple being Apple, there are some quirks to the process. To start, you’ll need to maintain two FIDO Certified security keys at all times if you want to use the feature, because Apple doesn’t want you to be locked out of your account if you lose one. There are also some limitations to which devices and services you can use these keys with. You won’t be able to use one to sign into iCloud for Window; devices that don’t support iOS and iPadOS 16.3 and newer or macOS Ventura 13.2 or newer; child accounts and managed Apple IDs; and Apple Watches paired with a family member’s iPhone.
As you might guess, you’ll need to keep two-factor authentication enabled, but you also need access to a “modern web browser.” To sign into an Apple Watch, Apple TV, or HomePod after setting up the feature, you’ll also need a compatible iPhone.
While any FIDO Certified security key should work, Apple highlights three it thinks work best with its devices:
- YubiKey 5C NFC (works with most Mac and iPhone models)
- YubiKey 5Ci (works with most Mac and iPhone models)
- FEITAN ePass K9 NFC USB-A (works with older Mac models and most iPhone models)
Keep in mind the connector-type of the security key. NFC keys, for example, will work wirelessly with all iPhones. USB-C keys will work great with newer Macs and iPads, but iPhones and older iPads will need a Lightning key in order to connect directly; otherwise, you’ll need an adaptor to get them working. That’s probably why Apple recommends the YubiKey 5C NFC first, since its NFC connectivity will work with your iPhone, and its USB-C port will connect to many Macs and iPads.
How to set up security keys with your Apple ID
Before setting up security keys, remember: Once you add your two security keys to your Apple ID, you will need at least one of these keys with you at all times if you want to log into your Apple ID, reset your Apple ID password, unlock your Apple ID, or manage your keys.
If you want to set up security keys on your iPhone or iPad, make sure your device is updated to at least iOS 16.3 or iPadOS 16.3. Next, head to Settings > Password & Security, then tap “Add Security Keys.” Your device will walk you through set up to add the keys. Finally, choose which devices attached to your account will remain active, and which you’d like to remove from your Apple ID.
On a Mac, make sure you’re running macOS Ventura 13.2 or newer, then head to System Settings > [your name] > Password & Security. Click “Add” next to Security Keys, then follow Apple’s steps to add your keys. Again, review the devices attached to your Apple ID.
How to remove security keys from your Apple ID
If you find you no longer want to use security keys, they’re easy to remove. On iPhone or iPad, head back to Settings > Password & Security, then tap “Security Keys.” On Mac, go back to System Settings > [your name] > Password & Security, then choose “Security Keys.” On either system, choose
“Remove All Security Keys.” Once you do, you’ll go back to the old 2FA system, and you’ll be required to enter the six-digit code whenever logging into your Apple ID from a new device.