Yubico, a company that produces NFC-based physical security keys for passwordless login and two-factor authentication, announced at the CES 2019 show today that it is developing a hardware key that works with both iOS devices and Macs that have USB-C.
A physical security keys can be used on desktop by plugging it into an NFC reader that’s attached to a computer via USB-C. Up until today, there were no viable options for iOS customers who wanted to elevate their security with a hardware key aside from connecting such an accessory to an iOS device through Bluetooth, which was both insecure and unreliable.
“The industry’s ended up with Bluetooth as the best way to connect with iPhones,” said Yubico’s SVP of Product, Jerrod Chong. “We felt that wasn’t good enough. If you want users to get over the hurdle of using a security device, you have to solve that usability problem.”
YubiKey has Lightning on one end and USB-C on the other, letting it be used not only with iPhones and iPads but also with newer Macs and other USB-C devices, such as 2018 iPad Pro.
For two-factor authentication, the device can generate a one-time passcode and send it to the requesting app via NFC. This improves the two-factor authentication experience on iOS because you can authenticate with just a tap of your YubiKey against your phone.
And as the the latest hardware authenticator from Yubico, YubiKey is built to last. It’s made in the USA and Sweden with reinforced fiberglass that is hermetically sealed and injection molded into a monolithic block, delivering exceptional physical l durability.
This is the first such device approved by Apple.
Physical keys are more secure than passwords or one-time codes so YubiKey should be perfect for strong multi-factor, two-factor and single-factor passwordless authentication.
Developers wanting to support YubiKey authentication must sign up for Yubico’s YubiKey for Lightning program, currently in a private preview, to update their apps accordingly. “The key doesn’t solve anything if the application doesn’t support the device,” Chang told The Verge.
The company’s existing NFC-based security key products work out of the box with hundreds of services supporting FIDO U2F and FIDO2 authentication protocols.
Aside from Microsoft, the list includes Google, Facebook, Twitter, Dropbox, in addition to a growing list of password managers and a bunch of FIDO2/U2F-compatible websites.
It’s unclear when general availability might start—Yubico hopes the new key will go on sale sometime in 2019—so keep your eyes peeled and watch this space for the latest.