Apple announces upcoming support for security keys – Yubico

If one thing has been made very clear in 2022, it is that not all multi-factor authentication (MFA) is created equal. Vulnerabilities in legacy forms of MFA, such as SMS, TOTPs, and mobile-based apps, continue to be targeted and exploited in data breaches, with attackers taking aim in record numbers in 2022. Companies like Cloudflare that were targeted and escaped attacks have one thing in common: they protect their digital footprint with phishing-resistant MFA in the form of modern, FIDO-based authentication with security keys. The success of hardware security keys isn’t new and can be traced back to Google instituting FIDO U2F internally with a perfect success rate of protecting against account compromise due to phishing.

We believe (as do our customers) that every app and service should allow for the option of hardware security keys for MFA. While support continues to grow, there are some apps and services that have introduced the highest level of advanced authentication – enhancing security by allowing access to accounts with only security keys, and turning off other authentication methods for access.  

For high-risk individuals and enterprises alike, this is an extremely important level of protection. This high-assurance security model is currently available for Google and Twitter and, with Apple’s announcement last week, is coming soon for Apple and iCloud accounts.

Google Advanced Protection Program and Security Key Announcement

For some background on how this has evolved: in October 2017, Google introduced the Advanced Protection Program, designed particularly for users at higher risk of targeted online attacks, such as political figures, celebrities, journalists and many more. This protection reached the full Google platform, from consumer email, YouTube channels and content creators (protect your content) to the enterprise with Google Workspace (protect your workforce).

According to Google, Advanced Protection provides “The strongest defense against phishing: Advanced Protection requires the use of Security Keys to sign into your account. Security Keys are small USB or wireless devices and have long been considered the most secure version of 2-Step Verification, and the best protection against phishing. They use public-key cryptography and digital signatures to prove to Google that it’s really you. An attacker who doesn’t have your Security Key is automatically blocked, even if they have your password.”

Twitter Security Key Announcement

Protecting your brand and communications on social media is critical: whether you are a celebrity, enterprise, or political figure, having your account hacked could be devastating. In June 2021, Twitter followed suit and announced that they also introduced enhanced security with hardware security keys for Twitter accounts (also highlighting that year how they successfully rolled out YubiKeys internally).

According to Twitter at the time of the announcement, “Today, we’re adding the option to use security keys as your sole 2FA method — meaning you can enroll one or more security keys as the only form of 2FA on your Twitter account without a backup 2FA method. We know this is important to people because not everyone is able to have a backup 2FA method or wants to share their phone number with us. With this update, we want everyone to feel empowered to enable security keys to better secure their Twitter account.”

Apple Security Key Announcement

And just last week, Apple announced that they are joining this movement. As part of their move to advance security with new data protections, they will soon be introducing Security Key support for Apple IDs, accounts, and iCloud.

According to the announcement regarding security keys, “Apple introduced two-factor authentication for Apple ID in 2015. Today, with more than 95 percent of active iCloud accounts using this protection, it is the most widely used two-factor account security system in the world that we’re aware of. Now with Security Keys, users will have the choice to make use of third-party hardware security keys to enhance this protection.”

“This feature is designed for users who, often due to their public profile, face concerted threats to their online accounts, such as celebrities, journalists, and members of government. For users who opt in, Security Keys strengthens Apple’s two-factor authentication by requiring a hardware security key as one of the two factors. This takes our two-factor authentication even further, preventing even an advanced attacker from obtaining a user’s second factor in a phishing scam.”

(image courtesy of Apple Newsroom 12.7.22)

We applaud Google, Twitter, and Apple for helping to drive adoption of security keys and FIDO-based authentication. We’re excited to see what 2023 has in store for cybersecurity. Whether that’s more innovation and a move away from passwords altogether with the adoption of passkeys, or more apps and services allowing for advanced protection, it has become apparent that authentication will continue to be a top priority both for security leaders and in the boardroom.

For any individual user or enterprise that requires high-assurance authentication, we highly recommend taking advantage of these features with hardware-based, YubiKey authentication.

Do you use apps and services that you wish offered advanced protection with YubiKeys? Let them know!

For more information on how Yubico can protect you and your organization, see here or visit our store to purchase your YubiKey today.  
