This is shaping up to be a good year for security conscious MacOS users. First, in January, Apple added support for using security keys to protect Apple IDs. This represented a huge step forward for protecting iCloud accounts by preventing access on untrusted devices.
But what about using security keys on your MacOS device to log in to other websites? Well, there’s good news on this front, too, because FIDO2 support has been added to the latest version of Firefox.
Starting with Firefox 114 – released on June 6, 2023 – Firefox has enabled support for FIDO2 security keys for both registering and authenticating to sites that support passkeys. You can now use your security key to log in to a growing number of online services, identity providers and social networks that have implemented FIDO2 passwordless. For example, now you can authenticate to Microsoft’s Azure/O365 with Firefox on MacOS with a YubiKey.
It’s important to note that Firefox’s support is still evolving. Much like Safari, it is missing the capability to set a PIN for a security key when a key is first registered with a site that requires PINs. The good news is that if you’re using a YubiKey as your FIDO2 token, you can use Yubico Authenticator for MacOS to set or change a PIN and view or delete the hardware-bound passkeys stored on your YubiKey.
Firefox’s support for FIDO2 is a great step forward for the privacy-focused browser, and another step towards ubiquitous support for phishing-resistant authentication around the web. We’re always happy to see more choice in browsers that support modern, standards-based secure authentication! We’d like to thank the developers at Mozilla for their ongoing work supporting FIDO2 hardware keys like the YubiKey, and can’t wait to see what’s coming next.
For more information on passkeys, and to learn what differentiates passkeys stored on a security key from passkeys stored on a mobile device, visit our blog post here.