Do Security Keys make any sense to secure an Apple ID?

At least as of April 2024 Apple seems to treat FIDO2 Security Keys just like a trusted device. So I would still be getting the six-digits codes to confirm? Adding a hardware key wouldn’t add any security to my account, or am I missing something?

When you use Security Keys, you do not get a six-digit code.

With two-factor authentication — which is designed to make sure that you’re the only one who can access your Apple ID account — you need to provide two pieces of information to sign in with your Apple ID to a new device or on the web.

  • The first piece of information is your Apple ID password.
  • A security key can act as the second piece of information, instead of the six-digit verification code that is normally used.

Because you use a physical key instead of the six-digit code, security keys strengthen the two-factor authentication process and help prevent your second authentication factor from being intercepted or requested by an attacker.

Source.

1 Like

On that article it says that “when you use Security Keys for Apple ID, you need a trusted device or a security key”.

What do they mean when they say that I need a trusted device?

I understood that in the way that e.g. my iPhone and my FIDO2 key are treated in the same way and I can use both to authenticate.

on my apple ID with ADP on and 2x yubikeys enrolled, I don’t get codes and it prompts for the key every time

2 Likes

It’s saying you can add new security keys with a trusted device that is already logged in. You should enable stolen device protection separately if that worries you.

2 Likes