About Security Keys for Apple Account

Physical security keys provide extra protection for your Apple Account against phishing attacks.

Physical security keys can help make your Apple Account more secure

A security key is a small external device that looks like a thumb drive or tag, which can be used for verification when signing in to your Apple Account using two-factor authentication.

Security Keys for Apple Account

Security Keys for Apple Account is an optional advanced security feature designed for people who want extra protection from targeted attacks, such as phishing or social engineering scams.

With two-factor authentication – which is designed to make sure you’re the only one who can access your Apple Account – you need to provide two pieces of information to sign in to your Apple Account on a new device or on the web.

  • The first piece of information is your Apple Account password.

  • A security key can act as the second piece of information, instead of the six-digit verification code that is normally used.

Because you use a physical key instead of the six-digit code, security keys strengthen the two-factor authentication process and help prevent your second authentication factor from being intercepted or requested by an attacker.

You’re responsible for maintaining access to your security keys. If you lose all of your trusted devices and security keys, you could be locked out of your account permanently.

Find out more about two-factor authentication

What’s required for Security Keys for Apple Account

  • At least two FIDO® Certified* security keys that work with the Apple devices you use on a regular basis.

  • iOS 16.3, iPadOS 16.3 or macOS Ventura 13.2, or later on all of the devices where you’ve signed in to your Apple Account.

  • Two-factor authentication setup for your Apple Account.

  • A modern web browser. If you can’t use your security key to sign in on the web, update your browser to the latest version or try another browser.

  • To sign in to Apple Watch, Apple TV or HomePod after you’ve set up security keys, you’ll need an iPhone or iPad with a software version that supports security keys.

  • To sign in to iCloud for Windows after you set up security keys, you need iCloud for Windows 15 or later.

*FIDO® Certified is a trademark (registered in numerous countries) of the FIDO Alliance, Inc.

What doesn’t work with Security Keys for Apple Account

  • You can’t sign in to older devices that can’t be updated to a software version that supports security keys.

  • Child accounts and Managed Apple Accounts aren’t supported.

  • Apple Watches that are paired with a family member’s iPhone aren’t supported. To use security keys, first set up your watch with your own iPhone.

Choose the right security keys

Security Keys for Apple Account works with any FIDO® Certified security key. Some good examples include:

  • YubiKey 5C NFC (works with most Mac and iPhone models)

  • YubiKey 5Ci (works with most Mac and iPhone models)

  • FEITIAN ePass K9 NFC USB-A (works with older Mac models and most iPhone models)

If you choose a different security key, you should choose security keys that are FIDO® Certified, and have a connector that works with the Apple devices that you use on a regular basis.

For a complete list of certified keys from the FIDO Alliance, visit the FIDO® Certified Showcase.

Choose the right connectors for your device

Security keys with both near-field communication (NFC) and a USB-C connector work with most Apple devices.

Identify the ports on your Mac

NFC

NFC symbol

Near-field communication (NFC) keys only work with iPhone. These keys connect to your device with just a tap.

USB-C

USB-C connector

USB-C connectors work with iPhone 15 or later and most Mac models.

Lightning

Lightning connector

Lightning connectors work with iPhone 14 and most previous iPhone models.

USB-A

USB-A connector

USB-A connectors work with older Mac models, and can work on newer Mac models with a USB-C-to-USB-A adapter.

Use Security Keys for Apple Account

When you use Security Keys for Apple Account, you need a trusted device or a security key to:

  • Sign in to your Apple Account on a new device or on the web

  • Reset your Apple Account password or unlock your Apple Account

  • Add additional security keys or remove a security key

Keep your security keys in a safe place, and consider keeping a security key in more than one place. For example, keep one key at home and one key at work. If you’re travelling, you may want to leave one of your security keys at home.

Add security keys to your account

You can only add security keys on an Apple device with compatible software. You must add and maintain at least two security keys. You can add up to six keys.

You’ll need a passcode or password set up on the device that you use to add security keys.

During the setup process, you’ll be signed out of inactive devices, which are devices associated with your Apple Account that you haven’t used or unlocked in more than 90 days. To sign back in to these devices, update to compatible software and use a security key. If your device can’t be updated to compatible software, you won’t be able to sign back in.

On iPhone or iPad

  1. Open the Settings app.

  2. Tap your name, then tap Sign-in & Security.

  3. Tap Two-Factor Authentication.

  4. Tap Security Keys, then tap Add Security Keys. Follow the onscreen instructions to add your keys.

  5. Review the devices associated with your Apple Account, then choose to:

    • Stay signed in to all active devices.

    • Select devices that you don’t want to continue to have access to your account and sign out of them.

To stop using security keys: Open the Settings app, tap your name, then tap Sign-in & Security. Tap Two-Factor Authentication, tap Security Keys, then tap Remove All Security Keys. If you remove all security keys, your Apple Account will revert to using the six-digit verification code for two-factor authentication.

On Mac

  1. From the Apple menu , choose System Settings, then click your name.

  2. Click Sign-in & Security, then tap Two-Factor Authentication.

  3. Next to Security Keys, click Set Up, then follow the onscreen instructions to add your keys.

  4. Review the devices associated with your Apple Account, then choose to:

    • Stay signed in to all devices.

    • Select devices that you don’t want to continue to have access to your account and sign out of them.

To stop using security keys: Open System Settings, click your name, then click Sign-in & Security. Click Two-Factor Authentication, click Security Keys, then click Remove All Security Keys. If you remove all security keys, your Apple Account will revert to using the six-digit verification code for two-factor authentication.

Information about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. Contact the vendor for additional information.

Published Date: