iPhone support for YubiKey OTP via NFC

October 25, 2017 3 minute read

Will my YubiKey NEO work on iPhones now that iOS 11 added some NFC support? It’s a fair question – one that we’ve been getting a lot of. This blog explains some of the details about iPhone support for YubiKey OTP to help bring some clarity to YubiKey users.

First, it’s important to understand the limited scope of Apple’s NFC support. Apple’s NFC APIs for iOS (Core NFC) allow iPhone apps to read the NFC Data Exchange Format (NDEF) records from certain NDEF tags (only supported on iPhone 7, 7 Plus, and up). However, there are a few limitations. Besides the fact that the NFC Reader interface can only be fired up from an app, Core NFC does not allow for write operations that are required for authentication protocols like FIDO U2F. That said, NFC on the iOS platform does not support Google’s recently announced Advanced Protection Program.

However, because NFC tag reading is supported, it allows developers to build apps, including consumer facing or purpose-built enterprise applications, with one-time passcode (OTP) support. Given that the YubiKey NEO can generate an OTP and send it to the requesting app via NFC, we finally have some good news for iPhone lovers: the YubiKey NEO will support OTP over NFC for applications that run on iOS11 and iPhone versions 7+. While Yubico acknowledges this progress, ubiquitous Apple support for strong authentication, namely FIDO protocols, remains out of reach at the moment.

For YubiKey users, this improves OTP two-factor authentication on the iPhone. Now they can authenticate with just a tap of their YubiKey NEO against the phone. Additionally, developers have a better authentication option to integrate with their mobile applications. One caveat remains: developers will have to build NFC support into each individual application to retrieve the OTP from the NDEF tag. Edit (28 May, 2018): See our new Mobile SDK for iOS.

In contrast, Android supports NFC natively in the platform. For example, Android developers can open the NDEF record for a URL with the default browser instead of opening up the specific app to read the NDEF tag. Furthermore, Android developers can also add FIDO U2F support using the Android FIDO U2F APIs.

While this is encouraging news, we realize it is not yet the complete desired solution. With Apple finally opening up parts of its NFC technology (just like with Touch ID a few years ago), we are hopeful that this standards-based approach will evolve. We know security is only as strong as its weakest link; it is high on our bucket list of things to solve for the ecosystem!

What can you do? As Yubico continues to advocate for ubiquitous, strong authentication for all, we invite you to join us in voicing or tweeting your concerns and desires to Apple to expand their NFC on iOS. As a customer-centric company, Apple will greatly value your input. To send developer feedback to Apple, visit their contact page or send a tweet to @AppleSupport.

Share this article:

Recommended content

Thumbnail

Customer YubiStories: How a biopharmaceutical company solved NFC authentication with a YubiKey and wristband

One of the greatest things about the YubiKey is that it can be used in virtually any environment and by any user. While we all know about the common user experience of plugging in your YubiKey then touching to authenticate, we often hear unique stories from our customers about how they used creativity to address ...

What is Yubico OTP?

Learn More Yubico OTP Developer Resources What is Yubico OTP? OTPs Explained

What is a Secure Static Password?

Learn More YubiKey static password offers up options Developer Resources Understanding core static password features

What is One-Time Password (OTP)?

Are there additional advantages to 2-factor authentication when using Yubico OTP? Learn More OTP vs. U2F: Strong to Stronger The key to trust iPhone support for YubiKey OTP via NFC Developer Resources What is Yubico OTP? Using a Yubico OTP Library OTPs explained