YubiKey Security key support for Apple ID on iOS 16.3


We have exciting news for our Apple users: as part of iOS 16.3, Apple announced the general availability of security key support for Apple ID accounts – so grab your iPhone and your YubiKey and turn it on today

With more than 95% of active iCloud accounts currently using two-factor authentication, the availability of security key support has the potential to make a tremendous impact on modernising everyone’s approach to cybersecurity. 

Apple has allowed users to take their security into their hands by enabling security keys, stating that physical security keys take their two-factor authentication even further to prevent even an advanced attacker from obtaining a user’s second factor in a phishing scam.

“With 90% of breaches being tied to stolen credentials from phishing attacks, it’s exciting to see Apple users have the option to take their account security into their own hands. With the new iOS 16.3 update, users now have the option to uplevel their account security by adopting physical security keys like the YubiKey, which are the most secure form of multi-factor authentication (MFA),” said Derek Hanson, VP of Standards and Alliances, Yubico.

“Legacy MFA like SMS based authentication and one-time passcodes (OTPs) have proven to no longer be sufficient enough for account protection. What has proven to protect users against today’s phishing attacks are YubiKeys because they put the user in control and only those with access to the physical key can access the account.”

As mentioned in December, it has been made very clear that not all multi-factor authentication (MFA) is created equal. Vulnerabilities with legacy forms of MFA, such as SMS, TOTPs, and mobile-based apps, continue to be the target and victims of data breaches, with attackers taking aim in record numbers in 2022.

Given the nature of our work, cybersecurity is always top of mind in our discussions. It is important for companies like Apple to embrace hardware security keys. 90% of breaches can be tied to stolen credentials, and she reinforced how YubiKeys put the user in control to protect themselves against phishing attacks with the trusted, gold-standard of authentication. We applaud Apple on the significance of this release.

We started testing the implementation process during Apple’s beta rollout in December and are excited to test further use case scenarios now that it has been released. Keep your eyes out for a future blog post on how to get your Apple ID protected with your YubiKey.