Yubico Makes It a Lot Easier to Use a Physical Security Key on Older iPhones For Super-Secure Logins

Illustration for article titled Yubico Makes It a Lot Easier to Use a Physical Security Key on Older iPhones For Super-Secure Logins
Photo: Yubico

A hardware security key adds an almost bulletproof second layer of security for your password-protected accounts and info, but using them with mobile devices like iPhones has been less than straightforward. Today, Yubico is hoping to streamline that process with its new YubiKey 5Ci security key which is the first to feature both a Lightning connector for iOS devices, as well as USB-C.

Advertisement

For two-factor authentication, instead of having to open an authenticator app to grab a one-time code, or wait for one to be sent VIA text message or a phone call (a far less secure method) users can simply plug the key into a computer or mobile device after logging in with their username and passwords and tapping a button on the key. The YubiKey 5Ci supports the FIDO (Fast IDentity Online) open authentication standard so, at least in theory, it should be compatible with any apps and browsers that support FIDO too. At this point, however, iOS apps need to be specifically coded to support the 5Ci, but at launch those that do include popular password managers like 1Password, LastPass, Dashlane, single sign-on tools like Okta, and even the Brave iOS browser alternative.

There are other hardware security keys that already work with mobile devices through either a wireless NFC or Bluetooth connection, but an intermediary step is often required, such as the Smart Lock app that allows Google’s Titan Security Key to work with iPhones and iPads. Yubico’s YubiKey 5Ci simplifies the process by plugging right into an iOS device’s Lightning or USB-C port, but it still might not be the best solution for every iOS user. It’s also worth remembering that a vulnerability was found in the Bluetooth security of Google’s Titan Security key back in May. The security concerns over Bluetooth were predicted by Yubico prior to the Titan Key’s release.

Advertisement

If you’ve got an iPhone 7 or a newer model, Yubico actually suggests going with the company’s YubiKey 5 NFC instead. At $45 it’s actually cheaper than the new $70 YubiKey 5Ci, which makes buying a second as a backup far more affordable. But for users with iPhones older than the 6S that don’t have NFC, or those who also carry an Android phone with USB-C, the new 5Ci might be the better solution as over time more and more apps will eventually add support for it.

Share This Story

Get our newsletter

DISCUSSION

This is a great idea, but as long as most websites don’t support good security it’s fighting a losing battle.

I recently went through all my stored passwords and updated every single one - which showed me just ow shitty some sites were. My main bank doesn’t support 2FA, so right now my homedepot.com account has better security than my checking account and mortgage. Even worse, IHG.com only supports a 4 digit PIN - not even a password, never mind a complex one. There are also way too many sites that stick to the outdated 1990s rules of 8-12 characters, no special, must have one capital letter, etc. and those that don’t allow pasting of a password or integration with a PW manager.