YubiKey NEO brings hardware 2FA security to iOS: What you should know

Yubico made a couple of exciting announcements concerning its YubiKey NEO authentication hardware today. The first is that the key is now compatible with iPhones, allowing users to employ two-factor authentication methods that don't need to rely on SMS verification codes. Yubico has also announced a new software development kit for the YubiKey NEO, which will hopefully translate to more developers supporting the device in their iOS apps.

If you own a Mac or a PC, you might already be familiar with the YubiKey NEO, which is a physical key that houses an NFC chip. By connecting the YubiKey to your computer via USB, you can use it to satisfy your two-factor authentication requirements with the touch of a button, removing the hassle of dealing with SMS messages that instruct you to enter a time-limited code every time you attempt a log in.

Now, that functionality is making its way to iPhone 7 and later, thanks to Apple offering third-party access to the phone's NFC chip beginning in iOS 11. Yubico has wasted little time in pushing this SDK out the door, even announcing today that LastPass is the first iOS app to support 2FA through YubiKey NEO. If you're not a LastPass user, there isn't much reason to pick up a YubiKey just yet, as that's the only app to support Yubico's approach to 2FA at this time.

The hope, however, is that others will quickly join LastPass in supporting YubiKey. Developers for Mac and PC have been receptive toward YubiKey, which is an encouraging sign for Yubico's mobile efforts. The YubiKey SDK has supported Android for a while now, so it's nice to see it spread to iOS now that Apple has opened up the NFC floodgates, so to speak.

If you're a developer and you want to implement YubiKey NEO support in your app, you can find the SDK over on Yubico's website. If, on the other hand, you're a consumer and you want to pick up a key for yourself, that's possible through Yubico's store. The YubiKey NEO will set you back $50, but that's a small price to pay if it means you might one day be free of SMS 2FA codes without skimping on – and in fact, improving – security.