Hands-on: Yubico iPhone Security Key Works with Lightning and USB-C

YubiKey 5ci with an iPhone and an Android phone.
(Image credit: Yubico)

Users of iPhones now can finally catch up to their Android counterparts and use a physical security key as a second factor when logging into mobile accounts that require two-factor authentication (2FA).

Security-key maker Yubico today (Aug. 20) debuted the YubiKey 5ci ($70), the first security key to feature an Apple Lightning USB plug to use when logging into an online account for the first time from an iPhone. Of course, you've got to have the key registered for the account first.

The YubiKey 5ci also has a USB-C plug for use with Macs, Windows PCs and Android phones, making it a one-stop shop for anyone who uses newer Apple devices. The key won't yet work on iPad Pros with a USB-C port, however.

MORE: What Two-Factor Authentication Is -- and How to Enable It

Android owners have been able to use YubiKeys for years to log into 2FA-enabled accounts, thanks to the NFC (near-field-communication) chip built into many YubiKeys. But while iPhones can use NFC for Apple Pay, Apple doesn't like other companies' software interacting with NFC on iPhones. 

Hands-on with the YubiKey 

We got a YubiKey 5ci in advance and borrowed an iPhone to see how well the two devices play together. Unfortunately, we found that support for the 5ci on iOS was still pretty limited. 

We had no trouble registering the 5ci to our Google account using the USB-C port on a Windows PC, but when we tried to log into our Gmail account on iOS, the Google Smart Lock app on iOS, required for Google 2FA on iOS, didn't recognize the security key. 

That's actually fine, as the list of online services that supports the YubiKey 5ci on iOS is still pretty small and doesn't yet include Google. (It doesn't seem that Apple supports the FIDO2 standard that many websites implement for security keys.)

Yubico had told us that GitHub recognized the 5ci on iOS, but we couldn't get GitHub to recognize the key on a USB-C-enabled Windows PC, even though we were using the Brave web browser as Yubico suggested. We could register an older USB-A YubiKey with GitHub without trouble.

A YubiKey 5ci with a MacBook.

A YubiKey 5ci with a MacBook Pro. (Image credit: Yubico)

These are probably just teething issues. Yubico says the YubiKey 5ci is already supported by the LastPass and 1Password iOS apps, and many more online services are sure to follow, although each will have to implement its own support for the moment.

Other YubiKeys are supported by dozens of online services, including Dashlane, Dropbox, Facebook, Instagram, KeePass, Keeper, Microsoft, Nintendo, Okta, Reddit, Twitter and WordPress. You can even use one to log into your Mac.

Yubico isn't the only manufacturer of security keys. Google offers its Titan key bundle for $50, including a Bluetooth-enabled keyfob for devices that don't support NFC. The U.S. startup Solo sells a range of keys starting at $20. 

All these security keys support the FIDO2 open standard, but Yubico adds its own features and supports several more services that shy away from FIDO2, such as LastPass.

Security keys are among the most secure forms of two-factor authentication, and have become especially important now that cryptocurrency thieves have been stealing phone numbers to intercept texted 2FA codes and break into accounts. Google employees use security keys for their work accounts, and the company says it hasn't had a single compromised workplace account since. 

TOPICS
Paul Wagenseil

Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. He has also been a dishwasher, fry cook, long-haul driver, code monkey and video editor. He's been rooting around in the information-security space for more than 15 years at FoxNews.com, SecurityNewsDaily, TechNewsDaily and Tom's Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown up in random TV news spots and even moderated a panel discussion at the CEDIA home-technology conference. You can follow his rants on Twitter at @snd_wagenseil.

Read more
iPhone with USB-C charging cable
Apple’s proprietary USB-C controller has officially been hacked – what you need to know
An iPhone 16 in hand in front of MacBook Air 13-inch M3 on table
I paired an iPhone 16 with my MacBook Air — and now I pity Android users who are missing these features
The Apple Passwords app open on an iPhone in hand
Apple Passwords password manager review
Passwords app on iPhone next to iOS 18 logo
iOS 18.4 just got a handy security upgrade that will make your life easier
Apple iPhone 16 held in the hand.
Just got a new iPhone 16? Try these 10 features first
The Flipper Zero's cyber dolphin explaining how you can level him up
5 cool things you can do with your Flipper Zero
Latest in iPhones
iPhone 17 Pro render
iPhone 17 Ultra just tipped to replace Pro Max in new leak — with these key upgrades
RCS messaging on an iPhone
Forget green bubbles — iPhones will soon get encrypted RCS messaging to Androids
iPhone 17 Pro render
iPhone 17 Pro Max leak claims it’s ready for production — and seems to confirm its new design
iPhone 16e review.
iPhone 16e is facing Bluetooth problems — here's what's going on
iPhone 17 Air vs iPhone 17 Pro Max
iPhone 17 Air vs iPhone 17 Pro Max: Everything we know so far
iOS 19 logo on an iPhone
iOS 19 risks turning Apple Intelligence into the new Siri — and that's not good
Latest in News
NYTimes Connections
NYT Connections today hints and answers — Saturday, March 15 (#643)
iPhone 17 Pro render
iPhone 17 Ultra just tipped to replace Pro Max in new leak — with these key upgrades
RCS messaging on an iPhone
Forget green bubbles — iPhones will soon get encrypted RCS messaging to Androids
CAD renderings of the Google Pixel 10 Pro
Latest Google Pixel 10 leak could make you want to skip it altogether
Nintendo Switch 2
Nintendo Switch 2 — analysts say it will be massive hit even with price hike
Jason Sudeikis as Ted Lasso in Ted Lasso season 3
‘Ted Lasso’ season 4 is official — here’s what Jason Sudeikis revealed