Enable Smart Card authentication using YubiKey 5Ci security key on macOS
If you use a MacOS, this post is relevant to locking the MacBook or MacBook Air to allow only Smart Card authentication / password-less sign-in.
Apple added smart-card authentication support starting from its macOS High Sierra 10.13.2 version. Recently I enabled smart card authentication using the YubiKey 5Ci security key.
Here are the four steps that I followed.
- Buy the YubiKey 5Ci security key from the Yubico site.
Of course, you can buy other security keys, such as Google Titan, but I prefer the YubiKey security key. I have yet to find an article indicating that you can use Google Titan security keys with macOS. This Google article describes the support for iOS but not for macOS.
The only reason you will have to buy a 5Ci security key is if you want to use the same security key on your iPhone as this supports both the USB-C and Lightning connector. Apple added support for security keys to sign in to an Apple ID account on iPhone from iOS 16 onwards.
2. Download and install the YubiKey Manager for macOS from the Yubico site and install it on macOS.
3. Set up macOS to use the YubiKey 5Ci security key.
You can follow the steps that are described by Quick Tech Solutions LLC on this YouTube How To Use Yubikey To Login To Your Mac.
4. Enable password-less sign-in.
If you want to completely lock down the MacBook or MacBook Air only to allow login through the YubiKey 5Ci security key and completely remove the Password sign-in method, follow this MacOS/Yubikey Login Part 2 — Lock Down MacOS Login To Yubikey Only.
