Apple just added support for security keys to secure your Apple ID with its latest iOS and macOS updates, but to actually set up your keys with your account, you’ll need to have at least two security keys on hand, according to an Apple support document (via MacRumors).
While that might sound like a bit of an inconvenience, the requirement means that you’ll have a backup in the event that you lose your primary key and won’t be locked out of your account. It’s not an entirely unexpected ask; Google recommends using two security keys with its Advanced Protection Program for Google accounts, though the company only requires that you have one security key to enroll. Apple will let you enroll up to six keys to your account.
You can add security keys to your account on an iPhone on iOS 16.3 or later, an iPad on iPadOS 16.3 or later, or a Mac on macOS Ventura 13.2. (Those updates were released on Monday.) You’ll also have to have two-factor authentication on your Apple ID and be using a “modern web browser.” According to the support doc, you won’t be able to use security keys with child accounts or managed Apple IDs, and you won’t be able to use them to sign in to iCloud for Windows.
Apple requires that the keys are FIDO certified, and if you want to pick up some keys to use with your Apple ID, the company has a few recommendations. One is the YubiKey 5C NFC, which plugs into USB-C ports but can work with iPhones, all of which currently use Lightning ports thanks to NFC. (Good thing the iPhone will be moving to USB-C.) Another is the YubiKey 5Ci, which solves that pesky Lightning problem by having connectors for both Lightning and USB-C, though I’m not a fan of the key’s two-prong design. Apple also recommends the Feitian ePass K9 NFC USB-A, which can plug into older Macs with USB-A ports and connect to iPhones via NFC.