In today’s age of digital threats, the security of our electronic devices is more important than ever. That’s why Apple started supporting physical security keys with iOS and iPadOS 16.3 and macOS Ventura 13.2. Let’s see how to set up security keys for Apple ID on your iPhone.
What a security key does
A physical security key is a small device that looks like a thumb drive or tag. It acts as a separate layer of protection for your Apple ID. The traditional form of two-factor authentication (2FA) when you sign in with your Apple ID sends a prompt to one of your trusted devices to approve the login. You then enter a six-digit code generated on the trusted device to confirm your login on the new device.
The physical security key changes that. Instead, you use your key, plugged into your device or connected via NFC, as your 2FA confirmation. According to Apple:
Security Keys for Apple ID is an optional advanced security feature designed for people who want extra protection against targeted attacks, such as phishing or social engineering.
What you need to implement security keys for your Apple ID
To take advantage of the advanced protection provided by Security Keys for Apple ID, there are a few things you’ll need first.
- You need iOS 16.3, iPadOS 16.3, or macOS Ventura 13.2 or later on all devices where you’re signed in with your Apple ID.
- You need at least two FIDO certified security keys that work with your devices.
- Two-factor authentication must be set up for your Apple ID.
- You need a modern web browser. If you can’t use your security key to log in to the Internet, update your browser to the latest version or try a different browser. The version of Safari included with iOS 16.3, iPadOS 16.3, and macOS Ventura 13.2 should work fine.
Apple does provide a short list of some compatible devices. You can find a comprehensive list on the FIDO Certified Showcase.
Which one is best for you is a topic for another day. I will say, though, that the folks at Yubico were kind enough to send me a pair of Yubikey 5C NFC keys to walk me through the setup, and that model meets or exceeds just about every security requirement I could ask for.
I will recommend that whatever security keys you choose allow you to configure a PIN to use them. The aforementioned Yubikey 5C NFC security keys make this possible.
This extra measure is important if you happen to find both your iPhone and your security key stolen. It also eases the worry of “drive-by activations” if your key supports NFC.
After you’ve set up your security keys, you’ll need an iPhone or iPad with a software version that supports security keys to sign in to Apple Watch, Apple TV, or HomePod.
How to set up your security keys for Apple ID on iPhone
Once you have everything you need, you can set up your security keys. Let’s get down to business.
Time required: 5 minutes.
Follow these steps to set up your security keys.
- Go to Settings > Apple ID > Password & security.
- Crane Add security keys.
- The following screens repeat what you need to do.
Crane Add security keys > Continueread the information provided and then enter your iPhone passcode.
- Then your iPhone will ask you to enter and activate your first security key.
If it has a Lightning connector, insert it into your iPhone. If it’s an NFC key, just place it on the top of your iPhone.
- Follow any on-screen instructions, such as entering your security key PIN if you have one.
- Your first key will show as added.
Then your iPhone will guide you through adding your second backup key.
- After everything is done, tap Done to complete the installation.
You will now see your two keys inside Settings > Apple ID > Password & Security > Security Keys. From this screen you can add additional security keys, change or delete an existing one, or delete all keys.
Note that if you remove your security keys, your Apple ID will revert to using the six-digit 2FA verification codes.
Similar steps for your iPad and Mac
On your iPad, the steps for setting up Apple ID security keys are exactly the same, only on a larger screen.
For macOS Ventura, you can find the installation dialog at System Settings > Apple ID > Password & Security. Once you find the settings, the process follows the same path as on iOS and iPadOS.
What to do with your security keys
It’s a good idea to store your security keys in separate locations. I have one on my keychain, while the other one stays in my fireproof safe in case I need it.
Verify your Apple ID with your security keys
From now on, you’ll need one of your security keys every time you sign in to your Apple ID on a new device. This includes any new iPhones, iPads, or Macs you can sign into.
If you get a new HomePod, Apple Watch, or Apple TV, you’ll also need your security key. The only difference here is that you insert the key into your compatible iPhone or iPad to complete the authentication.
There are some Apple services that don’t work with Apple ID security keys. For example, you cannot sign in to iCloud for Windows. You also can’t sign in on older devices that can’t be upgraded to a software version that supports security keys.
In addition, the following devices and types of Apple IDs are not supported:
- Child accounts.
- Managed Apple IDs.
- Apple Watches paired with a family member’s iPhone. To use security keys with such wearables, you must first set them up with your own iPhone.
One last warning
Be very diligent about protecting your security keys. Yes, you have a backup key in case one is lost. However, losing both physical keys, as unlikely as it may sound, will cause you quite a bit of inconvenience.