Hacker News
by adav 1238 days ago
Isn’t it odd that Apple are not yet selling their own security keys?
9 comments

As others have said, Apple devices can now be passkeys, which is just a new term for WebAuthn + FIDO support. The linked article is about logging into your Apple ID, so you of course want another key for logging into that. But for other sites that support FIDO2+WebAuthn, I believe an Apple device can already function as a security key.

Further reading:

- Apple's passkey security doc: https://support.apple.com/en-us/HT213305

- I liked this overview of Passkeys vs Yubikeys, but of course it's a bit biased: https://www.yubico.com/blog/a-yubico-faq-about-passkeys/

They’re just integrated into the device. That’s what the Secure Enclave is. https://support.apple.com/guide/security/secure-enclave-sec5...
My assumption has been that they want your iPhone itself to be your key.
For 99% of the population the existing approach i.e. verifying on another Apple device is sufficient.
Or would be, if Apple devices did not routinely prompt you for your password. I find this incredibly annoying since my Apple ID uses one of those long, irregular passwords automatically generated by password managers and in the context where Apple wants your password there's no way to cut and paste it. I can use my phone with touch ID to authorize a $20k purchase but if I want to install a free app from the App Store I need my stupid password. I wonder why they do this.
I haven't had to enter my Apple ID password to install an app since I set up my phone. Just Face ID verification. Maybe you have this setting toggled? https://support.apple.com/en-us/HT204030

Or maybe Apple is just deciding to require it from you for mysterious reasons. Your IP could have a bad reputation and they're not sure if it's you. Though I think they sometimes require the password just to keep you from forgetting it.

So people don't forget their password and as a liveness check.
If they insist on this, I think it would be nice if they rigged their backend to allow me to enter the password from any of my devices. They already allow this from the Apple TV+ app on smart TVs, so the technical precedent exists within Apple.
At this time, the market is too small, and Apple can't possibly make their desired margins on them and compete with the others on the market. It's just not worth it.
> At this time, the market is too small, and Apple can't possibly make their desired margins on them and compete with the others on the market.

Disagree.

There are over 2 billion Apple devices deployed and tens of millions more get sold each quarter, so market size isn't an issue.

There's no reason to believe Apple wouldn't be able to get their average margin of around 35% on a security device if they wanted to.

And what competition? The Apple branded security key would be the only one available via the online store that can be bundled with any Mac, iPad or iPhone purchase. And certainly the only one designed specifically for the Apple ecosystem.

It's just a matter of whether or not Apple can add features above and beyond what's typically available.

An easy one would be Find My integration like the AirPods Pro 2 case or the AirTag. Using Find My, the owner could periodically check (or Apple could automate it) that the security key is where it's supposed to be, like a relative's house or bank deposit box.

Adding a U1 chip would allow the security key to be found if it were misplaced in a user's home… or in the event of a natural disaster like an earthquake.

And of course they could add TouchID to it, acting as a second factor so only the intended user could use it.

I'm sure I'm just scratching the surface of all the features Apple is uniquely positioned to add to a security key.

So it's weird that Google sell their own Titan security key, though their bar is lower than Apple
the Titan keys I have are white-label product made by a Chinese company called Feitian with Google branding slapped on them (of course)

And most Apple products are made by a Taiwanese company manufacturing in mainland China based on Apple's instructions with Apple branding slapped on them (of course).

The difference is just the 'Designed in California' part, which in the case of a security key should be negligible in terms of cost outlay.

The statement was

> the Titan keys I have are white-label product made by a Chinese company called Feitian with Google branding slapped on them (of course)

“White label” implies that you can buy the same exact hardware with other branding slapped onto it from other places (https://en.wikipedia.org/wiki/White-label_product)

You can’t do that with most Apple products. Even if Apple didn’t design them themselves, you can only buy them from Apple

It’s for Google Cloud / enterprise customers.
Not really. Doesn't seem like much for Apple to add on top.

I wouldn't be surprised if Apple starts selling the keys through its own retail channels.

Will be interesting to see. I’m not sure they want to encourage people not already familiar with Yubikeys to use them. Impulse “hey this is cool” purchases might be a huge PITA.
They're going with Passkeys.
Wouldn't be surprised if they do at some point.
It doesn't seem odd to me.