Apple Explains iOS 16.3's New Security Keys Feature

by

Apple this week shared a support document with details about its new Security Keys for Apple ID feature, available starting with iOS 16.3, iPadOS 16.3, and macOS 13.2. The document provides an overview of the feature and explains how to use it.

Apple advanced security Security Keys screen Feature crop
Apple says the optional security feature is designed for individuals who want "extra protection from targeted attacks, such as phishing or social engineering scams." When it is enabled, signing into an Apple ID requires entering your account's password and then using a FIDO Certified security key to complete two-factor authentication, instead of a traditional six-digit verification code from another Apple device.

Those who enable the feature must be very careful not to lose their security keys, as this could result in losing access to your Apple ID account permanently. For this reason, you must set up at least two security keys, with up to six supported in total.

Apple recommends keeping security keys in more than one place. For example, you could hide a key somewhere at home as a backup solution.

"Keep your security keys in a safe place, and consider keeping a security key in more than one place," the document says. "For example, keep one key at home and one key at work. If you're traveling, you might want to leave one of your security keys at home."

To enable Security Keys for Apple ID on an iPhone or iPad, open the Settings app, tap your name, tap "Password & Security," select "Add Security Keys" and follow the on-screen instructions. On the Mac, open the System Settings app, click on your name, click "Password & Security," click "Add" next to "Security Keys," and follow the steps.

Security keys can be removed at any time by repeating the steps outlined above and tapping or clicking on "Remove All Security Keys," at which point your Apple ID reverts to using a six-digit verification code for two-factor authentication.

Many security keys look similar to a USB thumb drive, with some options available with NFC for wireless use and others equipped with Lightning, USB-C, and/or USB-A ports for direct connectivity with iPhones, iPads, and Macs. Apple recommends a few security keys in the document, such as the YubiKey 5Ci with both Lightning and USB-C.

Apple's document provides some other important details, so it is worth reviewing before enabling the feature. For example, you can't sign in to iCloud for Windows when the feature is enabled, and some types of Apple ID accounts are not supported.

Related Forum: iOS 16

Popular Stories

iOS 18

iOS 18.4 Will Include These New Features for Your iPhone

Wednesday February 5, 2025 7:15 am PST by
iOS 18.3 was released last month, so the first iOS 18.4 beta should be coming soon. iOS 18.4 is expected to be a more substantial update for the iPhone, with several new features and changes related to Apple Intelligence and beyond. Apple's website suggests that iOS 18.4 will be released in April, following beta testing. Below, we outline what to expect from the update so far. Apple...
Read Full Article
General Apple Invites Feature

Apple Launches New 'Invites' App

Tuesday February 4, 2025 8:00 am PST by
Apple today announced the launch of a new app called "Invites," which is designed to allow users to plan events like birthday parties, graduations, vacations, baby showers, and more. "With Apple Invites, an event comes to life from the moment the invitation is created, and users can share lasting memories even after they get together," said Brent Chiu-Watson, Apple's senior director of...
Read Full Article274 comments
App Store vs EU Feature 2

Apple Says It Doesn't Approve of EU Porn App

Monday February 3, 2025 1:15 pm PST by
Apple does not approve of the "Hot Tub" pornography app that was released for the iPhone in the EU using alternative app distribution, Apple said in a statement to MacRumors. Further, Apple is concerned about the potential user safety risks with a pornography app, and says that it undermines consumer trust in the Apple ecosystem. We are deeply concerned about the safety risks that hardcore...
Read Full Article523 comments
maxresdefault

An Apple TV Refresh is Coming in 2025 - Here's What You Should Know

Wednesday February 5, 2025 10:17 am PST by
Apple hasn't refreshed the Apple TV since 2022, but rumors suggest that we're finally going to get an update in 2025. We don't have a full picture of what to expect yet, but we have some hints on what's coming. Subscribe to the MacRumors YouTube channel for more videos. Updated A-Series Chip The current Apple TV 4K uses the A15 Bionic chip that was in the iPhone 13 lineup, and it's time for...
Read Full Article181 comments
applecare apple care banner

Apple Raises Monthly AppleCare+ Subscription Price for All iPhones

Tuesday February 4, 2025 9:35 am PST by
Apple this week increased the prices for its monthly AppleCare+ subscription prices for the iPhone, raising the cost by 50 cents for all models in the United States. Standard AppleCare+ for the iPhone 16 models is now priced at $10.49 per month, for example, up from the prior $9.99 per month price. The 50 cent price increase applies to all available AppleCare+ plans for Apple's current...
Read Full Article142 comments
iCloud General Feature Redux

'Apple Invites' Leaked on iCloud Website

Tuesday February 4, 2025 7:11 am PST by
Update: The new Apple Invites app has officially been announced. The main iCloud.com page has seemingly confirmed Apple's rumored invites tool, which has yet to be officially announced by the company. The page says "Apple Invites" will be an iCloud+ feature:Upgrade to iCloud+ to get more storage, plan events with Apple Invites, and have peace of mind with privacy features like iCloud...
Read Full Article28 comments
maxresdefault

Testing Apple's New Invites App for Event Planning

Tuesday February 4, 2025 10:26 am PST by
Apple today surprised us with a new Invites app, which is designed for planning events like birthday parties, vacations, and baby showers. We checked it out in our latest video to see how it works, what you can use it for, and to demonstrate all of the different features in the app. Subscribe to the MacRumors YouTube channel for more videos. Invites is a standalone app that you can download...
Read Full Article99 comments
disney

Disney+ Loses 700,000 Subscribers Following Price Increase

Wednesday February 5, 2025 3:34 pm PST by
Disney+ lost 700,000 subscribers worldwide in recent months, according to Disney's earnings results for the first quarter of 2025. Disney said it now has 124.6 million Disney+ subscribers, a decrease of 0.7 million compared to its subscriber numbers in the fourth quarter of 2024. The drop in subscribers comes after Disney+ prices increased in the fall. Disney+ with Ads went from $7.99 to...
Read Full Article170 comments

Top Rated Comments

now i see it Avatar
now i see it
27 months ago
iPhone Forum:

I lost my security key and forgot my password. Am I screwed?
Score: 21 Votes (Like | Disagree)
krspkbl Avatar
krspkbl
27 months ago
I bought 2x Yubico Keys for this. Well, not just Apple but my other accounts too obviously. I've been thinking of getting a key for a while but now Apple supports it I might as well jump on it now.

I got the Yubico 5 NFC key. Won't arrive for a couple days but excited to set it up. I'll have a read over the document to familiarise myself with how to set it up. Unfortunatly most people won't care about security keys so I am one of the few who see this is as the biggest feature of 16.3!

Requiring 2x keys will put a lot of people off, I think. I spent almost £100 on the 2 keys. Other accounts allow you to set them up with just 1. I think it's good that Apple requires 2 keys to set it up. If you don't want to spend £100 on security then might as well not bother using a key at all.
Score: 13 Votes (Like | Disagree)
BenGoren Avatar
BenGoren
27 months ago
“For example, you could hide a key somewhere at home as a backup solution.”

No; please don’t do this. You’ll just forget where you put it

“ … and one key at work.”

*PLEASE* don’t do this! Whoever owns the company can trivially steal your account if you do so. Even if you’re the person who owns the company, whoever cleans your office could steal your account.

You should have a secure place at home to keep important documents. At the very least, a drawer of a filing cabinet, but a small fireproof safe is preferable. You can decide the level of security you need, all the way up to a personal bank vault — but don’t rely on obscurity to keep it secure. Keep the backup there.

And it’s a good idea to have a safe deposit box at a bank. Keep the other backup there.

If you really need more than those two backups, then add more safe deposit boxes at different banks, or a locked fireproof safe at a trusted family member’s home, or some other variation on the theme. But you almost certainly don’t need nor want that many backups.

Incidentally, these are also where you should be keeping portable hard drives with backups of whatever data you most care about.

b&
Score: 7 Votes (Like | Disagree)
riverfreak Avatar
riverfreak
27 months ago

Two-factor authentication is enough major PITA. I don't work for the NSA, so major pass.

Anyone else want a phone dongle?

Wonder how long it will be before a future iOS update turns it on by default.

Here's a scenario; some of the ppl using these things will be dealing with nuclear emergencies and will lose their dongle and backup dongle or have them appropriated for espionage. Doesn't anyone at Apple ever think of worst-case scenarios?

I know. Corporate culture.
2FA is a total pain? So is having your bank account drained.

I don’t use sites or services that can’t be bothered to implement 2FA, at a bare minimum via SMS which I despise as it isn’t always VOIP or travel-friendly. I’ve even moved financial institutions as they refused for years to add 2FA.

Security keys FTW. Different strokes I guess.
Score: 6 Votes (Like | Disagree)
ajf.350d Avatar
ajf.350d
27 months ago
If Apple would kindly put NFC in iPads and Macs as well this would be even better, and quicker to use.
Not sure why it isn’t.

Regards keeping one at work, ‘they’ would still need to know the actual account username and password, so fairly low risk, and for most people the most obvious/easiest off site option.
Advantage of course if you work in IT and have access to a media safe ?
Score: 5 Votes (Like | Disagree)
krspkbl Avatar
krspkbl
27 months ago

Two-factor authentication is enough major PITA. I don't work for the NSA, so major pass.

Anyone else want a phone dongle?

Wonder how long it will be before a future iOS update turns it on by default.

Here's a scenario; some of the ppl using these things will be dealing with nuclear emergencies and will lose their dongle and backup dongle. Doesn't anyone at Apple ever think of worst-case scenarios?

I know. Corporate culture.
You already need 2FA enabled on your Apple account for things like Airtags, iCloud Keychain, Find my iPhone, Apple Card/Cash, and Sign in with Apple.

I don't think they'll force people to use physical keys but they'll keep pushing 2FA. As it is I don't mind having 2FA enabled as it makes my account secure.
Score: 5 Votes (Like | Disagree)
Read All Comments