I wanted to add hardware 2FA to Apple ID, and noticed this particularly strange requirement.
I get that two keys is ideal (one as daily driver and one as a backup), but who actually REGULARLY uses both keys? Seems strange.
Can anyone who has this already setup shed some light?
Are you talking about this?
At least two FIDO® Certified* security keys that work with the Apple devices that you use on a regular basis.
I think “the Apple devices that you use on a regular basis” is the part that belongs together.
That would make more sense! Kind of.
I don’t have an Apple device that I use on a regular basis. Does this mean that hardware 2FA won’t work?
Well, then it means you have nothing to worry about since you don’t have any devices it could be incompatible with.
Agreed, I think this is what is being suggested.
I have 3 keys. One is for regular use at home, second is with me on the go and third as a backup.
Yubikeys or something else?
Yes, Yubikeys.
I ran into an issue with hardware 2FA enabled and a new phone.
One of my Ubikeys is always plugged into my desktop, the other is on my keychain for wireless authentication with my phone.
Apparently, only the most recently used hardware 2FA is allowed to authenticate wirelessly to add a new device. Since my other Ubikey wasn’t wireless the only recourse was to remove the hardware 2FA, add the phone and then re-add the hardware 2FA.