Hardware Security Keys on iOS

This guide provides important compatibility information and troubleshooting tips for using hardware security keys with Keeper on iOS devices. If you're encountering issues with PINs, autofill, or NFC key support, this page will help you understand which iOS versions are compatible and how to resolve common problems.

Which hardware keys are supported with Keeper on iOS?

• Keeper works with any FIDO® Certified security keys. Ensure you have the latest version of Keeper installed for full compatibility with hardware keys.

  • For a complete list of certified keys from the FIDO Alliance, visit the FIDO® Certified Showcase.

• Unsupported Keys: Currently, software keys such as Passkeys or iCloud Keys are not supported for login or autofill with Keeper.

What are the iOS version requirements for hardware key compatibility?

To help you understand the compatibility of your iOS version with hardware keys and Keeper, refer to the table below:

Do I need a PIN for my hardware security key on iOS?

• Setting a PIN for your hardware security key is optional. You can choose whether or not to set up a PIN when configuring your key. The PIN setup process is done through the hardware key manufacturer’s software (e.g., Yubico Authenticator).

• Once a PIN is set for your security key, iOS will ask you to enter the PIN every time you use the key, whether for login or filling passwords.

• No PIN Bypass: Unlike the Keeper Web Vault, iOS does not support bypassing the PIN. You must enter the PIN each time the key is used.

What happens if I enter the wrong PIN for my hardware key too many times?

• If you enter the wrong PIN 6 times in a row, your hardware key will be locked. To unlock it, you will need to reset the key before you can use it again.

  • To reset your hardware security key please use the hardware key manufacturer’s software (e.g., Yubico Authenticator).

Can I use NFC hardware keys on iOS devices?

• Yes, NFC hardware keys are supported on most iOS devices.

• iPads do not support NFC hardware keys at all. This is a restriction at the OS level, and only physical hardware keys that plug into the device (via Lightning or USB-C) will work.

• NFC hardware keys are not supported in Keeper extensions (Autofill | KeeperFill) on iOS.

  • Recommendations to work around this limitation can be found HERE.

Can I use my hardware keys on my iPad?

• Yes, you can use hardware security keys with your iPad, but please note that only hardware keys that plug into the device (via Lightning or USB-C) are supported. NFC hardware keys are not compatible with iPads due to limitations at the OS level. This means that if you're using a hardware key with only NFC functionality, it will not work on iPad devices.

  • Combination hardware keys, that support both plug-in and NFC, will work via the plug-in method only.

  • USB-C keys require Keeper Version 16.12.0 or greater.

For iPad users, ensure your key is compatible with the appropriate connector (Lightning or USB-C) and that you have the latest version of Keeper installed to ensure full functionality.

Known Issues

YubiKey FIDO PIN Loop

Issue Overview: Some users with FIDO CTAP 2.1 compliant security keys (specifically YubiKeys with firmware version 5.7) may experience an issue after upgrading to Safari 18.1 or iOS/iPadOS 18.1. When attempting to authenticate, they are repeatedly prompted to enter their FIDO PIN in a loop, even after entering it correctly. This prevents the authentication process from completing.

Affected Devices and Scenarios

• Operating Systems: iOS 18.1, iPadOS 18.1, and macOS 15.1 (with Safari 18.1).

• Specific Behaviors on iOS/iPadOS:

  • Physical Key (USB-C/Lightning): When the key is plugged in, users often receive an error message immediately after entering the FIDO PIN.

  • NFC Authentication: The system may fail to prompt the user to tap their security key.

Status & Recommendation

Apple has resolved this FIDO PIN loop issue. The fix is included in the public releases of iOS 18.2, iPadOS 18.2, and macOS 15.2. Please update your device to the latest available software version through Settings > General > Software Update.

Troubleshooting & Workaround Options If you're unable to update your device immediately or are still encountering issues, consider the following options;

1. Re-register Your Key: If you have updated to iOS/iPadOS 18.2 and the issue persists, removing the security key from your account settings and then re-registering it can sometimes resolve lingering problems.

2. As a temporary workaround, you can log into your Keeper account on another device or browser and remove the hardware key from your authentication settings. This will allow you to use other two-factor authentication methods until you can update your iOS device.

For more details and updates, please refer to the Yubico support article.

Long-Tap Autofill and Hardware Security Keys

With the addition of iOS 18, Apple introduced a new long-tap autofill feature that allows users to quickly fill in login credentials from their password manager directly into apps or websites. However, when using a hardware security key for authentication, long-tap autofill will not work as expected. This limitation occurs because the system requires interaction with the hardware key to complete authentication, which isn’t compatible with the autofill feature’s workflow.

Affected Devices and Scenarios

• iOS/iPadOS 18+ Devices: The long-tap autofill feature does not work with accounts secured by hardware security keys.

Recommendation To work around this limitation, we recommend using the following steps:

1. Enable "Stay Logged In":

   1. Open the Keeper app and enable the "Stay Logged In" option. This will ensure you remain authenticated for a longer period, allowing long-tap autofill to function without needing to re-authenticate with your hardware key.

2. Log into the Keeper Main app on your iOS device and then you can proceed to use the long-tap autofill feature as intended.