Portability. I use YubiKeys with desktop Macs, MacBooks, iPads, and iPhones. The alternative would be to create (Secure Enclave) keys in each of those devices and register each of those keys with each thing requiring authentication... which could take a while.
I guess the alternative is something like Passkeys synchronized via iCloud Keychain. Hopefully Apple is encrypting the Passkey key material within the Secure Enclave using each other Secure Enclave's public key. Otherwise it kind of defeats the whole purpose of having a Secure Enclave. (If I remove a YubiKey from a computer, I have some assurance that computer can't authenticate with YK-controlled accounts.)
We support both at work (touchid and yubikey) and often I have my laptop in clamshell mode, so in that sense it’s easier to use the yubikey. Probably not the best reason, but works for me!
Portability. I use YubiKeys with desktop Macs, MacBooks, iPads, and iPhones. The alternative would be to create (Secure Enclave) keys in each of those devices and register each of those keys with each thing requiring authentication... which could take a while.
I guess the alternative is something like Passkeys synchronized via iCloud Keychain. Hopefully Apple is encrypting the Passkey key material within the Secure Enclave using each other Secure Enclave's public key. Otherwise it kind of defeats the whole purpose of having a Secure Enclave. (If I remove a YubiKey from a computer, I have some assurance that computer can't authenticate with YK-controlled accounts.)
> Hopefully Apple is encrypting the Passkey key material
iCloud Keychain has always been e2e encrypted. If you lost and recovered your Apple password, you'd lose all your stored passwords.
We support both at work (touchid and yubikey) and often I have my laptop in clamshell mode, so in that sense it’s easier to use the yubikey. Probably not the best reason, but works for me!
I also do clamshell but I bought a Magic Keyboard with Touch ID.