Yubico has finally received approval from Apple to develop a hardware authentication token that works on iPhones and iPads.
Yubico has become nearly ubiquitous in the field of hardware authentication in recent years. Its YubiKey token can add a second layer of security to your online accounts and even allow you to avoid using passwords entirely. The only issue? It’s largely inoperable on the iPhone. That is about to change.
Yubico has received MFi certification, which means that Apple will officially support it as a hardware partner. The company will be able to produce a YubiKey that fits into the iPhone and iPad’s proprietary Lightning port, providing those devices with the seamless security that is already so effective on PCs. The key will also include a USB-C connector for MacBooks.
There are some caveats to the news. Yubico will not have a product until later this year and will require developer support for its Lightning token to reach its full potential. “It’s iPhone; it’s restrictive,” says Yubico’s senior vice president of product, Jerrod Chong. “We’re not quite there with default settings on an iPhone yet, so developers will need to do some work to enable their apps to work with the Lightning key.”
One significant limitation is that Apple does not yet natively support FIDO2, an open standard that allows you to access your online accounts by simply inserting a hardware token rather than entering a password. So, for example, if you want to use a Lightning-compatible YubiKey with Gmail, Google must provide support.
Yubico has yet to announce any partners, but it has a head start. It expanded its iOS software development kit to include Lightning in August; the SDK was first released in March to help jury-rig support for near-field communication (NFC) connections. Even with support from developers such as LastPass, NFC proves to be a particularly ineffective method of managing authentication on an iPhone.
A YubiKey, for example, can only use one-time password authentication over NFC, which is a one-way protocol. Bluetooth allows for two-way communication, but you’re just as likely to accidentally pair with your soundbar as with your smartphone.
“At a high level, there are three ways to communicate with the iPhone today,” Chong explains. “You can communicate using NFC, but it’s very limited in terms of what you can do. Bluetooth can be used to communicate; however, it is not very reliable. The third option is a hard connection.”
That brings us back to the Lightning YubiKey, which may become even more useful by the time it is released. While Apple does not currently support FIDO2, the latest technical preview for Safari suggests that it may be on the way. If iOS adopts the passwordless login standard, the standard will not only spread across that platform but will also be ubiquitous across all major operating systems.
A thumbs up for an iOS YubiKey may be minor news, but it foreshadows a bright future in which the only password you need for any of your devices is stored on your key ring rather than in your memory.