This robust addition to the security of your Apple account prevents hackers from getting into your account without the security key, but it’s not for everyone. In this article, I’ll explain why you might want to protect your Apple ID account with a security key, and how to set this feature up.
A security key is a small dongle-like device that has a unique identifier. When you pair it to an account, that device, which contains a digital cryptographic key, is needed to access the account. Many companies make security keys, and some work via USB, while others use NFC (near-field communication), or Bluetooth.
The photo above shows three such keys: one with USB-C, another with USB-A, and the third works with NFC. To use a security key, you either insert it into a USB port on a device, or hold it near the device and press a button to activate it.
Some security keys come with two different USB plugs and/or NFC, and it’s important to use a key that not only works with your current devices, but with all devices you may wish to use to access your account. See this article for more on using security keys.
As Apple says in a support document, “Security Keys for Apple ID is an optional advanced security feature designed for people who want extra protection from targeted attacks, such as phishing or social engineering scams.” This sounds great, right? This advanced protection means that you’re safe from hackers.
However, Apple also points out, in a press release, that, “This feature is designed for users who, often due to their public profile, face concerted threats to their online accounts, such as celebrities, journalists, and members of government.”
Because of some of the constraints of using a security key, this isn’t a feature that just anyone should use. If you are a celebrity, journalist, or member of government, you should certainly set up a security key for your Apple ID account. If not, it might not be a good idea.
Apple’s two-factor authentication uses a chain of trust across your Apple devices. Once you have authenticated on one device, you can use that device to authenticate another device, or an Apple service on the web. For example, if you set up a Mac with your Apple ID, you’ve proven who you are. You can then set up a new iPhone using a code that Apple sends to that Mac, which you enter on the iPhone. At that point, you have two devices that you can use to receive or generate codes to authenticate other Apple devices and services.
When you set up a security key on your Apple ID account, you no longer get codes sent from Apple, nor will you be able to generate codes on your devices, but you will have to use the security key to authenticate your account. When you sign into an Apple website, service, or device, you enter your Apple ID email address, your password, then you use your security key to complete the process.
This hardens your security, because, if someone has managed to get access to one of your devices, they cannot use it to get access to other devices or to your account. And if you can’t get codes sent to your devices by Apple, and request SMSes to authenticate, Apple won’t send those SMSes, which could be intercepted by a malicious third party.
In order to set up a security key for your Apple ID account, you need the following:
There are some limitations to the use of security keys with your Apple ID account:
Apple’s support document gives information about the various types of security keys you can use. The best option is a security key with USB-C and NFC. You can connect to any Mac with USB-C, or with a USB-A to USB-C adapter; many security keys come with an adapter, or contain two USB plugs. NFC works with any iPhone that supports security keys.
Open System Settings, click your name, then click Password & Security. Scroll down to the Security Keys section, then click Add. A dialog explains how security keys work.
Click Add Security Keys. The next dialog explains that you need two security keys. Click Continue.
If you have any inactive in unsupported devices, you’ll need to sign out of them. Inactivate devices are those not used in the past 90 days. You can click Sign Out of Inactive Devices if you have any. Enter your password to continue.
The next dialog tells you to add the first security key. Click Continue, then insert the security key. You may need to press a button on the security key to activate it.
Continue this process for as many security keys as you have, up to six, then follow the instructions to complete the process.
From this point on, you’ll need one of the security keys to sign into any Apple service, and to set up any new Apple device.
Go to Settings, tap your name, then tap Password & Security. Tap Add Security Keys. The process is exactly the same as above; you’ll see the same steps to add two or more security keys.
For the iPhone, you’ll need security keys that use NFC. If you’re using an iPad, you’ll need a security key that connects to the device’s port. All currently sold iPads use USB-C, and older iPads – and all iPhones – use a lightning connector.
Once you’ve set up security keys for your Apple ID account, you will need to use them when signing into Apple websites or services, or when setting up new devices. When prompted, either hold an NFC security key near the top of your iPhone – your security key may have a button you press – or insert a security key in a USB port on the device you’re using.
You can link up to six security keys to your Apple ID account. If you want to remove any keys, in order to pair new keys, go to System Settings (Mac) or Settings (iPhone or iPad), tap or click your name, then choose Password & Security, then Security Keys. If you want to remove individual keys, tap the ones you want to remove, then tap Remove Key.
To remove all the keys associated with the account, tap or click Remove All Keys, then click Remove. If you do this, the account will revert to using six-digit codes sent via your other devices.
As explained above, if you remove all security keys associated with your account, this turns off security keys entirely.
As you’ve seen above, it’s pretty straightforward to set up security keys for your Apple ID account, but there are limitations. The main one is that if you don’t have access to a security key, you can’t get into your account. Also, if someone gets access to one of your devices and a security key, then they may be able to compromise it. To ensure that you don’t lose your security keys, you should keep one on your keyring, perhaps with an AirTag to track it if it’s lost or stolen. Keep another at home, and one at work. It’s better to have more security keys just in case. Because if you lose all of your security keys, you will be locked out of your Apple ID account, and Apple cannot help you get access.
You can also subscribe to our e-mail newsletter and keep an eye here on The Mac Security Blog for the latest Apple security and privacy news. And don’t forget to follow Intego on your favorite social media channels: