iPhone support for YubiKey OTP via NFC

Will my YubiKey NEO work on iPhones now that iOS 11 added some NFC support? It’s a fair question – one that we’ve been getting a lot of. This blog explains some of the details about iPhone support for YubiKey OTP to help bring some clarity to YubiKey users.

First, it’s important to understand the limited scope of Apple’s NFC support. Apple’s NFC APIs for iOS (Core NFC) allow iPhone apps to read the NFC Data Exchange Format (NDEF) records from certain NDEF tags (only supported on iPhone 7, 7 Plus, and up). However, there are a few limitations. Besides the fact that the NFC Reader interface can only be fired up from an app, Core NFC does not allow for write operations that are required for authentication protocols like FIDO U2F. That said, NFC on the iOS platform does not support Google’s recently announced Advanced Protection Program.

However, because NFC tag reading is supported, it allows developers to build apps, including consumer facing or purpose-built enterprise applications, with one-time passcode (OTP) support. Given that the YubiKey NEO can generate an OTP and send it to the requesting app via NFC, we finally have some good news for iPhone lovers: the YubiKey NEO will support OTP over NFC for applications that run on iOS11 and iPhone versions 7+. While Yubico acknowledges this progress, ubiquitous Apple support for strong authentication, namely FIDO protocols, remains out of reach at the moment.

For YubiKey users, this improves OTP two-factor authentication on the iPhone. Now they can authenticate with just a tap of their YubiKey NEO against the phone. Additionally, developers have a better authentication option to integrate with their mobile applications. One caveat remains: developers will have to build NFC support into each individual application to retrieve the OTP from the NDEF tag. Edit (28 May, 2018): See our new Mobile SDK for iOS.

In contrast, Android supports NFC natively in the platform. For example, Android developers can open the NDEF record for a URL with the default browser instead of opening up the specific app to read the NDEF tag. Furthermore, Android developers can also add FIDO U2F support using the Android FIDO U2F APIs.

While this is encouraging news, we realize it is not yet the complete desired solution. With Apple finally opening up parts of its NFC technology (just like with Touch ID a few years ago), we are hopeful that this standards-based approach will evolve. We know security is only as strong as its weakest link; it is high on our bucket list of things to solve for the ecosystem!

What can you do? As Yubico continues to advocate for ubiquitous, strong authentication for all, we invite you to join us in voicing or tweeting your concerns and desires to Apple to expand their NFC on iOS. As a customer-centric company, Apple will greatly value your input. To send developer feedback to Apple, visit their contact page or send a tweet to @AppleSupport.

Talk to our teamTalk to our team

Share this article:


  • Navigating the PCI DSS 4.0 transition and meeting compliance with phishing-resistant YubiKeysIn just a few days, on March 31, 2025, decision makers in industries that involve payment processing – including financial services, retail & hospitality and telecommunications – are tasked to finalize the transition to Payment Card Industry Data Security Standard (PCI DSS) 4.0. This deadline marks a critical juncture for all organizations handling payment card […]Read moreNISTPCI DSSPCI DSS 4.0
  • Building cyber resilience with Yubico and MicrosoftIn today’s digital landscape, cyber threats are evolving at an unprecedented pace: every second, a phishing attack takes place. In fact, over 80% of these attacks are the result of stolen login credentials and almost 70% of phishing attacks relied on AI last year alone. Recent data from Microsoft Entra also reveals a staggering increase […]Read moreMFA mandatesMicrosoft
  • Yubico’s commitment to innovation: Phishing-resistance as a cornerstone for cyber resilienceAs phishing attacks have reached an unprecedented level of frequency and sophistication, enterprises must prioritize authentication that is phishing-resistant – regardless of the business scenario, platform or device users are working with. This is why Yubico prioritizes consistent product innovations that deliver on our customer’s needs for modern, phishing-resistant authentication solutions that enable businesses to […]Read more
  • CEO Corner: Wrapping up a strong year, and looking ahead to 2025 and beyondIt’s no secret that 2024 was a big year of growth for Yubico, highlighted across many notable achievements by our team and increasing demand from our customers. As discussed in my previous post, following a transformative year driven by key cybersecurity trends like passkeys and AI, the year culminated in the significant step of Yubico […]Read moreCEOEarningsMattias Danielsson