Apple testing USB security key support for Safari
Apple's latest Safari Technology Preview includes support for the WebAuthentication API, which allows users to validate website login credentials via hardware security keys that typically come in the form of a USB stick.

Apple's Safari web browser.
According to release notes covering Apple's Safari Technology Preview version 71, which was released on Wednesday alongside iOS and macOS software updates, the new WebAuthn capability supports USB-based CTAP2 devices.
Developed by the World Wide Web Consortium (W3C) and the FIDO Alliance, WebAuthn is an effort to standardize and enhance the user authentication process across various systems and online gateways. The specification Apple is testing -- Client-to-Authenticator Protocol 2 -- is a product of the wider FIDO2 standard that enables hardware-backed authentication across the web.
USB-based CTAP2 devices, also known as authenticators or USB security keys, grant a higher level of protection than simple text-based passwords. Instead of relying solely on text-based passwords, which can be stolen or forgotten, the system introduces a physical hardware component into the mix.
Some solutions that rely on the technology require another form of authentication alongside the authenticator. Depending on the system, authentication might involve biometrics, location information, time stamps or password re-entry, among other safeguards. The end result is a strong, multi-factor security protocol that can be deployed across multiple compliant platforms with relative ease.
As noted by CNET, which reported on the Safari Technology Preview earlier today, FIDO2 also supports Bluetooth and near-field communications for hardware authentication, though the current Safari test build is restricted to direct USB connections. The limitation means users will need to insert a security key into their Mac when accessing sites that support CTAP and CTAP2, like Dropbox and Twitter.
WebAuthn in Safari is considered an "experimental feature," though it could show up in a future version of Apple's web browser.

Apple's Safari web browser.
According to release notes covering Apple's Safari Technology Preview version 71, which was released on Wednesday alongside iOS and macOS software updates, the new WebAuthn capability supports USB-based CTAP2 devices.
Developed by the World Wide Web Consortium (W3C) and the FIDO Alliance, WebAuthn is an effort to standardize and enhance the user authentication process across various systems and online gateways. The specification Apple is testing -- Client-to-Authenticator Protocol 2 -- is a product of the wider FIDO2 standard that enables hardware-backed authentication across the web.
USB-based CTAP2 devices, also known as authenticators or USB security keys, grant a higher level of protection than simple text-based passwords. Instead of relying solely on text-based passwords, which can be stolen or forgotten, the system introduces a physical hardware component into the mix.
Some solutions that rely on the technology require another form of authentication alongside the authenticator. Depending on the system, authentication might involve biometrics, location information, time stamps or password re-entry, among other safeguards. The end result is a strong, multi-factor security protocol that can be deployed across multiple compliant platforms with relative ease.
As noted by CNET, which reported on the Safari Technology Preview earlier today, FIDO2 also supports Bluetooth and near-field communications for hardware authentication, though the current Safari test build is restricted to direct USB connections. The limitation means users will need to insert a security key into their Mac when accessing sites that support CTAP and CTAP2, like Dropbox and Twitter.
WebAuthn in Safari is considered an "experimental feature," though it could show up in a future version of Apple's web browser.
Comments
https://en.wikipedia.org/wiki/Multi-factor_authentication
I've had a Yubikey for 10 years, waiting for Internet security to catch up. Meanwhile, Yubikey has added NFC authentication as well as FIDO U2F, FIDO 2, OpenPGP, OATH and FIPS 140-2 compliance. Apparently, it took Google getting into the USB key business this year to kickstart universal interest. *sigh* Better late than...
https://en.wikipedia.org/wiki/YubiKey
https://www.yubico.com
I don’t know why I always have a problem but whenever I set up a new device for my girlfriend, I never get the 6 digit code pop up on any of her other devices.
I don’t trust FaceID or TouchID and have been using a 20+ digit pass phrase instead. It would be nice for Apple to approve hardware based authentication throughout.
The complex password is obviously inconvenient...
I’d trust FaceID + hardware enough to use it. A wireless hardware key isn’t ideal due to the risk of interception of the key, but it’s “good enough” when part of 2FA.
I suppose I could use a 4 digit password in addition to the other 2 if I was feeling anal ; )
It’s good that Apple is getting with the program, even if it’s only with Safari (at this point).