It’s a question that we receive often, ‘so how does the YubiKey work with iPhone?’ Until now, the answer to that question has been a bit unclear because of limited support for NFC in iOS. But today, we have a clear answer: YubiKey iOS support is here, now, with two exciting pieces of news.
For application developers, we are introducing a new Mobile SDK for iOS that allows any iOS mobile app to rapidly add support for hardware-based two-factor authentication (2FA) using YubiKey OTP over NFC. Second, LastPass, one of our longest and most prominent integrations, has released the latest version of its password management app with fully integrated support for the YubiKey NEO over NFC on iOS. This was completed using our Mobile SDK for iOS, but we’ll share more on this milestone a little later.
The launch of iOS 11 last year saw Apple provide support for NFC tag reading, which allowed developers to build apps with one-time passcode (OTP) support. Given that the YubiKey NEO can generate an OTP and send it to the requesting app via NFC, it became possible to authenticate with Yubico one-time password (Yubico OTP) with a YubiKey NEO — a feature requested by many YubiKey users. However, documentation and reference code for developers to add this support to applications was lacking and unnecessarily complicated.
To help mobile application developers simplify rollouts and deliver on this functionality, Yubico created the Mobile SDK for iOS. It’s available now for download and is also part of the Yubico Developer Program mobile track, and provides developers all the necessary tools to rapidly up-level their iOS mobile app security with Yubico OTP.
By introducing YubiKey hardware-based authentication via NFC to iPhone applications, users no longer need to toggle between apps and temporarily memorize a throw away code before it expires. Now users can just tap the YubiKey to authenticate, which is four times faster than typing in an OTP! Not to mention, users and app developers no longer have to run the risk of potential security and reliability issues by relying on SMS or mobile authentication.
LastPass iOS App Supports Yubico OTP via NFC
The LastPass password manager remains one of the most popular YubiKey integrations for Yubico OTP, and the application has supported NFC on Android devices for many years.
Today, LastPass is the very first password manager application on iOS to enhance its security with Yubico OTP authentication through NFC. This means that LastPass users with iPhone 7 or above, running iOS 11 and above, can now authenticate to their LastPass Premium, Families, Teams, or Enterprise accounts on their mobile device with the same YubiKey NEO that they use for their desktop or laptop. Users will touch the YubiKey NEO to the iPhone to wirelessly transfer a Yubico OTP and securely authenticate to the application
“LastPass has long supported YubiKey as a multi-factor authentication option for adding an extra layer of security to LastPass accounts and values the partnership we have with the Yubico team,” said Akos Putz, Principal Product Manager for LastPass at LogMeIn. “With the new mobile SDK for iOS, our customers now benefit from the strength and security of hardware-backed YubiKey 2FA with the support for our iOS app.”
For current LastPass users, the iOS application will receive an automatic update (version 4.2.7) via the App Store and you can set up YubiKey in your account settings. If you’re an iPhone user, you can download the latest version of LastPass here and for further instructions on setup, visit here.
We applaud LastPass for supporting this milestone leap in YubiKey mobile app authentication for iPhones and iOS. With this announcement, the YubiKey now provides simple and secure authentication for all leading mobile platforms including Android, Windows mobile, and iOS. Find out more about our new Mobile SDK for iOS here.
UPDATE (09/25/18): LastPass also supports the YubiKey 5 NFC over NFC for iOS. Read their announcement here.