Not all authentication is created
equal
One key for many applications
Proven at
scale at Google
Secure
remote workers with
YubiEnterprise Delivery
New to
YubiKeys? Try a multi-key
experience pack
Strong
authentication for remote
workers
YubiKey +
Microsoft. Defense against
account takeovers.
White paper: Passwordless
essentials
for the enterprise
White Paper: Emerging Technology Horizon for Information Security
Yubico for
Free Speech: Don’t be
silent. Don’t be silenced.
At Yubico, people come first. Join our
global mission
Introduction
Apple now supports YubiKeys to provide the strongest phishing resistant protection for your iCloud account using the FIDO protocol. By registering YubiKeys to your iCloud account, you significantly increase your protection even if your iCloud account password is stolen.1 This article will cover setting up and using your YubiKey with iCloud. To ensure you have a backup, you need a minimum of two YubiKeys/security keys to get started. Once you have set up security keys with your iCloud account, you will be required to use a security key to log in from untrusted devices. Read Apple’s Security Key support article to learn more about the implementation.
The YubiKeys can be registered from an iPhone/iPad or from a Mac. This article will provide a step-by-step guide for both options.
Setup Instructions
Prerequisites
- A minimum of two YubiKeys
- If registering from an iPhone/iPad, then you will need iOS/iPadOS 16.3 or above
- If registering from a Mac, then you will need MacOS Ventura 13.2 or above
- Two-factor authentication enabled on your Apple ID
- A modern web browser such as Safari or Chrome
iPhone or iPad initiated set up instructions
- Ensure the iPhone is running iOS version 16.3 or above. The iOS version can be found by tapping on the Settings app on the Home Screen (or in the App Library) and going to General -> About
- To update to 16.3, select the Settings icon, go to General -> software update
- Now that you have verified the needed iOS version, open the Settings app
- Tap your name
- Tap on Password & Security
- Select Add Security Keys
- Select Add Security Keys
- Select Continue
- At the prompt, enter your device/iPhone passcode to continue
- At the prompt, plug in or tap your Security Key to the iPhone.
- If you have a PIN set on the Security Key, you will be prompted to enter in your PIN
- Name your Security Key. Choose a name that will help you identify the specific YubiKey you are adding. The name will be saved to your iCloud account.
- Next you will be prompted to set up your second Security Key. Follow the same instructions as above.
- Once the second Security Key is set up, your setup process is complete. Select Done and you will be taken back to the Password & Security section where there will be two security keys displayed as being registered.
Managing Security Keys on the iPhone
- Open the Settings app
- Tap your name
- Tap on Password & Security
In this section, you can add additional Security Keys and manage the keys that have already been set up. Select an existing Security Key to edit the name or remove it. The following section will appear once you select a Security Key.
On this screen you can change the name you assigned to a particular YubiKey, or remove it (as long as two Security Keys remain registered).
macOS initiated set up instructions
- Open System Settings and select your Apple ID, then click Password & Security
- Click Add on Security Keys
- On the next screen, click on Add Security Keys or press Return Key
- At the prompt, enter your Mac User ID password. Then click Allow button or press Return Key. This is your local computer password, not your iCloud account password.
- Make sure you have both Security Keys at hand and click Continue or press Return Key
- Click Continue or press Return Key
- Insert your first Security Key
- Tap the Security Key when it blinks. If there is a FIDO PIN previously set, enter the PIN when prompted and tap the Security Key again
- Choose a name that will help you to identify the specific YubiKey you are adding. The name will be saved to your iCloud account. Continue button or press Return Key
- Click Continue or press Return Key to register the second Security Key
- Tap the Security Key when it blinks. If there is a FIDO PIN previously set, enter the PIN when prompted and click Continue button or press Return key, then tap the Security Key again
- Choose a name that will help you to identify the specific YubiKey you are adding. The name will be saved to your iCloud account. Continue button or press Return Key
- In the following screen you can decide to logout other devices or stay signed in
- You have successfully protected your iCloud account authentication with Security Keys
Login instructions
While you won’t need to use your YubiKey to check your iCloud settings on an iPhone or macOS device that’s already configured with iCloud, you may be prompted to use one of them when logging onto iCloud from a browser that Apple does not recognize, or when setting up a new Apple device.
The next time you are prompted to log in to your iCloud account, after entering your Apple ID and password, you will be prompted to use one of the YubiKeys that has been registered to your iCloud account.
Follow the on-screen instructions to complete your login. Your YubiKey’s PIN may be required if you have configured it to have one.
1 Be aware that Apple currently allows access to Find My using only a password in the app or on the web. This is likely because people commonly use the service to locate a phone they just lost, and may not have the ability to provide the second factor in that situation. Considering this, always use a strong iCloud password and protect it well, and configure Find My settings you are comfortable being accessed using only your iCloud password.