Native support for WebAuthn and FIDO is finally here on iPhones and iPads

December 10, 2019 2 minute read

Yubico was founded with the mission of making simple and secure logins ubiquitous. In 2008, we launched the first YubiKey for seamless, one-touch authentication. In 2012, in close collaboration with Google, Yubico’s inventions evolved into the FIDO Universal 2nd Factor (U2F) open authentication standard, and in 2014 it was launched in Gmail and Chrome. In collaboration with Microsoft and the FIDO Alliance, the standard evolved into FIDO2, with the W3C web standards body certifying the standard under the name WebAuthn.

With each passing year, Google, Opera, Mozilla, Microsoft, and Brave browsers have added support. Now, with Apple adding native support for FIDO and WebAuthn in iOS and iPadOS 13.3, these standards are supported by all leading platforms and browsers. Today, developers can make easy-to-use, privacy-preserving, strong authentication available to all users across all leading platforms and devices.

Here are the highlights of native WebAuthn and FIDO support on iOS:

  • iOS and iPadOS 13.3+ natively support FIDO-compliant security keys, like the YubiKey, using the WebAuthn standard over near-field communication (NFC), USB, and/or Lightning as appropriate to the Apple hardware being used.

With today’s announcement, Yubico now offers two great user experiences on iOS using a simple tap or a physical connection. Authentication via NFC is supported by the YubiKey 5 NFC or Security Key NFC by Yubico by just tapping the YubiKey at the top of an iPhone (7 and above). Authentication via physical connection is supported by the YubiKey 5Ci by plugging the YubiKey into the Lightning or USB-C port of an iPhone or iPad.

So, what can you do?

Developers and online services can learn how to rapidly add support, including how to enable native support on iOS. If you are a developer, sign up to join the Yubico Developer Program to be informed on the latest reference documentation, testing tools, and open source servers.

Individuals and companies who want easy, secure access to their daily online accounts — including those in financial, healthcare, and government services — can accelerate adoption by requesting support for YubiKey and WebAuthn.

Today, Yubico is humbled by the many contributions our entire community has made, and would like to extend our utmost gratitude to every one of you that helped bring us one step closer to internet security ubiquity!

Share this article:

Recommended content

SIM Swap Protecting Against Account Takeover with WebAuthn

Billions of dollars are being stolen annually due to account takeover fraud.

Wrapping up 2020: A year where technology and internet security prevailed

Never has the world been more dependent on the internet, and never has it been more attacked than in 2020. In fact, it proved to be a year where trust in many of our systems was challenged. Yet I remain an eternal optimist and believe that we can transform the hard lessons learned in 2020 ...

Lessons from the SolarWinds incident

Last week, a large and expertly run espionage operation was made public — one that began no later than October 2019, and which had been actively exploiting victims since at least early 2020. This incident is particularly interesting for several reasons: for the breadth of sensitive global government and industry targets, for misuse of a ...

AWS Expands YubiKey Support with AWS SSO WebAuthn Integration

Another win for FIDO at the heels of its first industry conference, Authenticate 2020.  AWS Single Sign-On (SSO) has introduced native WebAuthn support to secure user access to AWS accounts and business applications using strong, FIDO-based multi-factor authentication (MFA) with YubiKeys.  Broader choice of authentication methods by AWS SSO is a win for modern authentication that has historically ...