iOS 16.3 adds an extra layer of protection against phishing attacks and unauthorized access. Hardware security keys are small physical devices that can connect to Macs and iPhones via USB-C and near-field communication (NFC).
Instead of using the regular six-digit verification code to unlock a device, hardware security keys can be used as an additional verification step when using two-factor authentication for Apple IDs.
Because these keys are meant to be stored in a keychain or wallet and must be physically present to authenticate a login, they offer greater security against remote login attempts. Apple ID credentials and one-time passcodes sent via 2FA verifications can’t be used if a security key is present.
Setting it up
To use the feature on iOS, Apple requires you to have two keys — one that you carry with you and another stored at home or in the office as a spare.
Setting up security key authentication on an iPhone is easy. Go to Settings > Click your name > Password & Security > Add Security Key. You will be prompted to ensure you have both security keys ready. Add the first one by holding the gold NFC section of your security key to the top of your phone.
Once both keys are linked, you will be asked to review the list of devices your Apple ID is currently logged in with and whether you wish to log them out.
Whenever you want to make a purchase or log in on another device, you will need to hold your security key to the top of your phone to complete two-factor authentication.
According to BleepingComputer, the feature works with the YubiKey 5 NFC, YubiKey 5C NFC and Google Titan. Apple confirmed that YubiKey 5Ci and FEITAN ePass K9 NFC security keys are compatible as well.
If you no longer wish to use a security key, return to the Security Keys setting and click Remove All Security Keys. Once your security keys are removed, you will automatically revert to six-digit verification codes.