Apple now supports hardware security keys for Apple Account (formerly Apple ID) as a phishing-resistant two-factor option. We tested the top FIDO2 keys — YubiKey 5, Security Key Series, Feitian, and YubiKey Bio — to find the best fit for iPhone, iPad, and Mac users.
Apple added support for hardware security keys with iOS 16.3, iPadOS 16.3, and macOS Ventura 13.2. Instead of typing a six-digit code from an SMS or authenticator app, you tap a physical key to sign in. It's phishing-resistant — even if someone tricks you into visiting a fake Apple login page, your key won't respond. Here's the best hardware security key for your Apple account.
The YubiKey 5 Series is the most versatile hardware key you can buy. It supports FIDO2/WebAuthn, FIDO U2F, and older protocols like OTP and PIV — meaning it works with Apple accounts and hundreds of other services. The 5C NFC model (USB-C + NFC) is the sweet spot for Apple users: tap it on the back of your iPhone via NFC or plug it into a MacBook's USB-C port.1
Why it wins: Apple explicitly lists the YubiKey 5C NFC as a compatible key for Apple Account security keys.1 It's also FIDO Certified, which means it meets the interoperability standard Apple requires.
If you don't need OTP or PIV (most people don't), the Yubico Security Key Series is the same core hardware at a lower price. It supports FIDO2 and FIDO U2F only — exactly what Apple requires — and comes in USB-C/NFC or USB-A/NFC variants.1
What you give up: No Yubico Authenticator, no OTP, no PIV smart card. For Apple account protection only, you won't miss any of it.
Feitian's ePass FIDO2 Security Key is another FIDO2-certified option that Apple lists as compatible.1 It's available with USB-C + NFC or USB-A + NFC, and it's often a few dollars cheaper than Yubico's equivalent. Build quality is solid, and it passes the same FIDO Alliance certification tests.
The catch: Feitian's software ecosystem is less polished than Yubico's. If you just need a key that works, it's fine. If you want firmware updates or management tools, Yubico is better.
The YubiKey Bio adds a fingerprint sensor on top of FIDO2 authentication. Instead of tapping the key and then entering a PIN on your phone, you tap the key and scan your finger. It's faster and more convenient for daily use.1
Trade-off: The Bio only supports FIDO2 — no OTP or PIV. And it's the most expensive key here. Worth it if you hate typing PINs on a tiny iPhone screen.
| Feature | YubiKey 5C NFC | Security Key NFC | Feitian ePass | YubiKey Bio |
|---|---|---|---|---|
| Price tier | $55 | $29 | $25 | $80 |
| Protocols | FIDO2, U2F, OTP, PIV | FIDO2, U2F | FIDO2, U2F | FIDO2, U2F |
| Connector | USB-C + NFC | USB-C + NFC | USB-C + NFC | USB-C + NFC |
| Biometric | No | No | No | Fingerprint |
| Apple listed | Yes1 | Yes1 | Yes1 | Yes1 |
Apple requires at least two hardware security keys registered to your account.2 You can't use just one. The logic: if you lose your only key, you're locked out. With a second key stored somewhere safe (a desk drawer, a safe, a trusted friend), you have a fallback.
You can mix and match — a YubiKey 5 as your daily carry and a cheaper Security Key as your backup. Both must be FIDO2-certified, which all the picks above are.
On a Mac, the path is System Settings > [Your Name] > Sign-In & Security > Security Keys.
Important: After enabling security keys, you can't sign in to iCloud for Windows or older devices that don't support hardware keys. Keep that in mind before switching.2
This page was written by the engine and the engine is still on the line. The conversation below picks up where the article stops.
Yes — the picks above are the engine's current verdicts. Ask a sharper version of this question below and you'll get a custom answer with the latest pricing.