How to add YubiKeys to Apple ID: A step-by-step guide

Derek Hanson

Derek Hanson

3 minute read

With Apple’s launch of support for security keys as a part of their iOS 16.3 update, users can now register their YubiKeys to their iCloud account. By taking this simple step, users can significantly increase their security – even if their iCloud account password is stolen. 

Security keys are phishing-resistant because they require proof of possession and the presence of the user to log in or gain access. They also deliver a seamless experience, letting users log in with a single tap or touch on the security key, and are both crush-proof and water-resistant. Beyond its convenience factor, YubiKeys are trusted devices – meaning you don’t need to use the YubiKey every time you log in. Once an app or service is verified, it will stay verified.

The first step to phishing-resistance is adding your YubiKey to your iCloud account. Below are the necessary steps needed to do so, as well as a video highlighting each step. 

For more detailed instructions on adding YubiKeys to Apple ID, visit our support center.

Adding YubiKeys to your iCloud account 

To ensure you have a backup, you need a minimum of two YubiKeys to get started (you can add up to 6 security keys). A full list of compatible YubiKeys with iCloud is found at the top of the page here, but most YubiKeys will be able to be paired. Apple recommends the YubiKey 5 Series – including the 5C NFC or 5Ci (featuring a dual connector with support for USB-C and Lightning) – but you can discover what YubiKey is right for you by taking our quiz.

To get started, first verify you have the following prerequisites: 

  • A minimum of two YubiKeys
  • iOS/iPadOS 16.3 or above
  • Two-factor authentication enabled on your Apple ID
  • MacOS Ventura 13.2 or above
  • A modern web browser such as Safari or Chrome

Once the above items are confirmed, follow the below steps to add YubiKeys to iPhone, iPad or Mac:

On iPhone or iPad:

  1. Open the Settings app.
  2. Tap your name, then tap Password & Security.
  3. Tap Add Security Keys, then follow the onscreen instructions to add your keys.
    1. At the prompt, plug in or tap your Security Key to the iPhone. Note that plugging in your YubiKey requires you to also physically touch the key.
  4. Review the devices associated with your Apple ID, then choose to
    1. Stay signed in to all active devices.
    2. Select devices that you don’t want to continue to have access to your account and sign out of them.

On Mac:

  1. From the Apple menu, choose System Settings, then click your name.
  2. Click Password & Security.
  3. Next to Security Keys, click Add, then follow the onscreen instructions to add your keys.
    1. At the prompt, plug in or tap your Security Key to the iPhone. Note that plugging in your YubiKey requires you to also physically touch the key.
  4. Review the devices associated with your Apple ID, then choose to
    1. Stay signed in to all devices.
    2. Select devices that you don’t want to continue to have access to your account and sign out of them.

Once you have set up your YubiKey with your iCloud account, you will be required to use a security key to log in from untrusted devices. Read Apple’s Security Key support article to learn more about the implementation.

Check out the video below to see how the process outlined previously works, and get on the path to phishing-resistance! 

, , , ,
Talk to our teamTalk to our team

Share this article:
  • Works with YubiKey Spotlight: Passkeys are here – are you ready?With 2025 at its midpoint, enterprises worldwide are grappling with how to protect their users and data against emerging challenges around user security. Since 2022, generative AI has fueled a 4,000% surge in phishing – exploiting human vulnerability in 68% of breaches. It’s no longer a question – the world has a password problem that […]Read morepartnerspasskeysWorks with YubiKeywwyk
  • Yubico LogoYubico liefert PIN-Verbesserungen mit dem neuen YubiKey 5 – Verbesserte PIN-SchlüsselUm sich auf die sich ständig weiterentwickelnden Cyber-Bedrohungen vorzubereiten, passen Regierungen weltweit die Authentifizierungsanforderungen für Online-Dienste an und aktualisieren sie, was direkte Auswirkungen auf viele Unternehmen und deren Mitarbeiter hat. Zwar gibt es derzeit keine universelle Regelung für eine robustere Multi-Faktor-Authentifizierung (MFA), doch wird deren Notwendigkeit in einer Reihe von Anforderungen hervorgehoben, darunter PSD2, DSGVO […]Read moreYubiKey
  • Yubico delivers PIN advancements with new YubiKey 5 – Enhanced PIN keysTo prepare for continuously evolving cyber threats, governments around the world are adapting and updating authentication requirements for online services which directly impact thousands of organizations and their employees. While there’s currently no universal regulation for more robust multi-factor authentication (MFA), the need is highlighted across a range of requirements including PSD2, GDPR, and the […]Read moreCompany NewsProduct NewsYubiKeyYubiKey 5 – Enhanced PINYubiKey 5 SeriesYubiKey as a Service
  • An inside look at Yubico’s transition to passwordlessBefore “passkey” became a familiar term in our industry, Yubico had long delivered hardware-backed and phishing-resistant FIDO2 based authentication. Today, the adoption of passkey usage is accelerating. However, it’s taken quite a bit longer to integrate passwordless authentication into the everyday, enterprise-grade authentication flows that are required for today’s businesses.  As long as it’s been […]Read moreOktapasswordless