At least as of April 2024 Apple seems to treat FIDO2 Security Keys just like a trusted device. So I would still be getting the six-digits codes to confirm? Adding a hardware key wouldn’t add any security to my account, or am I missing something?
When you use Security Keys, you do not get a six-digit code.
With two-factor authentication — which is designed to make sure that you’re the only one who can access your Apple ID account — you need to provide two pieces of information to sign in with your Apple ID to a new device or on the web.
- The first piece of information is your Apple ID password.
- A security key can act as the second piece of information, instead of the six-digit verification code that is normally used.
Because you use a physical key instead of the six-digit code, security keys strengthen the two-factor authentication process and help prevent your second authentication factor from being intercepted or requested by an attacker.
1 Like
On that article it says that “when you use Security Keys for Apple ID, you need a trusted device or a security key”.
What do they mean when they say that I need a trusted device?
I understood that in the way that e.g. my iPhone and my FIDO2 key are treated in the same way and I can use both to authenticate.
on my apple ID with ADP on and 2x yubikeys enrolled, I don’t get codes and it prompts for the key every time
2 Likes
It’s saying you can add new security keys with a trusted device that is already logged in. You should enable stolen device protection separately if that worries you.
2 Likes