At least as of April 2024, Apple seems to treat FIDO2 Security Keys just like a trusted device. So I would still be getting the six-digit codes to confirm? Adding a hardware key wouldn’t add any security to my account, or am I missing something?
When you use Security Keys, you do not get a six-digit code.
With two-factor authentication — which is designed to make sure that you’re the only one who can access your Apple ID account — you need to provide two pieces of information to sign in with your Apple ID to a new device or on the web.
- The first piece of information is your Apple ID password.
- A security key can act as the second piece of information, instead of the six-digit verification code that is normally used.
Because you use a physical key instead of the six-digit code, security keys strengthen the two-factor authentication process and help prevent your second authentication factor from being intercepted or requested by an attacker.
In that article it says that “when you use Security Keys for Apple ID, you need a trusted device or a security key”.
What do they mean when they say that I need a trusted device?
I understood that to mean that e.g. my iPhone and my FIDO2 key are treated in the same way and I can use both to authenticate.
On my Apple ID with ADP on and 2x YubiKeys enrolled, I don’t get codes and it prompts for the key every time.
It’s saying you can add new security keys with a trusted device that is already logged in. You should enable stolen device protection separately if that worries you.