Yubico was founded with the mission of making simple and secure logins ubiquitous. We started on this journey when the first YubiKey for seamless, one-touch authentication was launched in 2008, and it quickly evolved in 2012 when we started working closely with Google to create the FIDO Universal 2nd Factor (U2F) open authentication standard. FIDO U2F was the first standard of its kind to deliver the security of public key cryptography to the masses with a seamless and simple user experience. The first major milestone happened in 2014 when Google made support for FIDO U2F. Since then, we have come a long way.
The core inventions of FIDO U2F have evolved into the newer open authentication standards, FIDO2 and WebAuthn. With each passing year, more browsers and OS vendors have introduced native support for these standards, including Google, Opera, Mozilla, Microsoft, and Brave. Now, with Apple adding native support for FIDO and WebAuthn in iOS and iPadOS 13.3, these standards are supported by all platforms and browsers. Today, developers can make easy-to-use, privacy-preserving, strong authentication available to all users across all leading platforms and devices.
Having a global internet standard for web authentication just makes sense. In March of this year, WebAuthn was standardized by the World Wide Web Consortium (W3C), which provided one of the last milestones needed before Apple accelerated native support for WebAuthn and FIDO on all Apple operating systems. All platforms and browsers are now able to offer native support without the need to install drivers and middleware, so strong authentication just works everywhere. Doing it any other way wouldn’t make strong authentication ubiquitous, and certainly won’t accelerate making the internet safer.
Here are the highlights of native WebAuthn and FIDO support on iOS:
- iOS and iPadOS 13.3+ natively support FIDO-compliant security keys, like the YubiKey, using the WebAuthn standard over near-field communication (NFC), USB, and/or Lightning as appropriate to the Apple hardware being used.
- Currently, the WebAuthn second-factor use case (the FIDO U2F user experience) is the only log in flow that is supported. Security key-based biometrics or PIN (without the use of username and password) are not supported yet.
- Web apps via Safari, or mobile apps calling SFSafariViewController ASWebAuthenticationSession should work. If a service fails to work, it is likely that the provider is unaware that native support is now available on iOS, and needs to update their web flow. Please contact your service provider to make support.
With today’s announcement, Yubico now offers two great user experiences on iOS using a simple tap or a physical connection. Authentication via NFC is supported by the YubiKey 5 NFC or Security Key NFC by Yubico by just tapping the YubiKey at the top of an iPhone (7 and above). Authentication via physical connection is supported by the YubiKey 5Ci by plugging the YubiKey into the Lightning or USB-C port of an iPhone or iPad.
So, what can you do?
Developers and online services can learn how to rapidly add support, including how to enable native support on iOS. If you are a developer, sign up to join the Yubico Developer Program to be informed on the latest reference documentation, testing tools, and open source servers.
Individuals and companies who want easy, secure access to their daily online accounts — including those in financial, healthcare, and government services — can accelerate adoption by requesting support for YubiKey and WebAuthn.
Every generation, there comes a time when we are faced with a challenge — for us it is to make the internet safer by eliminating the threat of stolen online credentials. So daunting, so pervasive, so unsolvable, the mere thought to overcome it seems impossible. Today, Yubico is humbled by the many contributions our entire community has made, and would like to extend our utmost gratitude to every one of you that helped bring us one step closer to internet security ubiquity!