A password-free future once seemed like a dream, but it’s fast becoming a reality. On June 6th 2022, Apple announced at its Worldwide Developer Conference (WWDC) that it’s bringing passwordless logins to Macs, iPhones, iPads, and Apple TVs by September 2022.
Password Attacks are rising; hence the idea is to let users log in to websites and apps using the new Apple Passkey feature built into iOS 16 and macOS Ventura. All you need is your Touch ID or Face ID!
With the public beta rolling in, we’ve decided to dive into Apple’s passwordless authentication method and tell you all about how it eliminates the need for a password manager.
What is an Apple Passkey?
Apple Passkey is a technology built to replace passwords on apps and websites accessed via Apple devices. This is simply Apple’s version of the FIDO credential, a cutting-edge, fast, and secure authentication standard based on cryptography.
It’s a stronger, more convenient system resistant to all types of password attacks and phishing. Once released, Apple’s wireless trackpad passkey will work across all Apple devices and a few non-Apple devices within close proximity.
The technology is built on the Web Authentication standard using public-key cryptography. When registering an account on an app or website, the OS via your device generates a unique key pair. The public cryptographic key is saved on the server and doesn’t require protection. Meanwhile, the secured private key is kept secret—which you’ll use for actual sign-in.
Moreover, Apple’s passkey login method can sync across a user’s many devices via iCloud Keychain. End-to-end encrypted and requiring two-factor authentication, iCloud Keychain protects against unauthorized Apple ID access. It also safeguards a user’s saved passwords and passkeys in the event of account compromise such as an attack, third-party access, etc.
Does Apple Passkey Substitute a Password?
Yes, Apple Passkeys are set to replace passwords completely. The new technology is designed to use Face ID and Touch ID biometric authentication to authorize the passkey, which allows the user to log into an app or website seamlessly—without entering a password.
Apple officials claim Apple Passkeys are even stronger than the multi-factor authentication method. Besides cryptographic technology, Apple Passkeys come with additional protection thanks to iCloud Keychain.
Once enabled, iCloud Keychain allows a user’s device to generate and store a “syncing identity” using a unique key pair on its keychain. New devices can only join this “syncing circle” by being sponsored by an existing iCloud Keychain-enabled device or with iCloud Keychain recovery—which, in turn, requires multi-factor authentication.
How to Set up an Apple Passkey?
Setting up Apple Passkey is quite simple. You just have to use biometric features like fingerprint, iris, or retina recognition. To log into a passkey-enabled app or website with your Apple device:
- Choose the passkey option.
- Use your Touch ID or Face ID to authenticate the passkey and log in.
- Your unique Apply Passkey has now been created for that specific website or application, and stored on your device.
It’s as easy as that!
How to Log in from Somebody Else’s Computer?
Apple’s passwordless authentication technology allows you to log onto a website using someone else’s computer too You will see a QR code option on the website’s login page. Scan it with your Apple device and turn on Bluetooth so that your device and the computer are in maximum proximity.
You’ll be asked to authenticate the Apple Passkey for that website using your Apple Touch or Face ID. Your device will then connect with the computer to safely complete the login process.
Shaking up the World of Passwords
The new method of securing systems is set to cause a major technological shift. Its broad spectrum of cross-platform availability and device compatibility, from MacBook Air 2022 to iPhone, iPad, and Apple TV, makes it convenient and inclusive.
Besides Apple, Google has also announced future passkey support for Android in 2022, currently in developer testing.
It’s unlikely that websites and applications will force you to use passkeys in the initial phases. They’ll be available as an alternate option alongside passwords. But with unparalleled account security and ease of use, passkeys are bound to become mainstream in the near future.
Does Phishing Have a Chance?
This next-generation passkey login method is extremely resistant against phishing and hacking. It eliminates the use of passwords, preventing hackers from stealing and misusing them.
Moreover, unique passkeys are linked to each website and application, so users can’t be tricked into accessing a scammer’s fraudulent phishing website or app.
Will Industry Giants Join?
Yes! Other tech giants will also join over the course of the coming year. Both Microsoft and Google have been working on passwordless technology for a better user experience. Once all the companies release their respective passkey versions, users will be able to use them across platforms.
Working together within the FIDO Alliance, platform vendors, tech companies, and software developers are ensuring passkey compatibility across as many platforms and devices as possible. Although still in its early stages, passkey compatibility is bound to grow as it becomes increasingly mainstream.
The FIDO Alliance already has hundreds of members, including board-level members like Samsung, PayPal, Visa, Yahoo! Japan, Meta, American Express, Wells Fargo, and Amazon. Sponsor-level members include Sony, Twitter, and Verizon. There are also government-level members and many associate-level members too.
Where Do Password Managers Stand?
At present, password managers have no role in Apple Passkey. Still, there’s a strong possibility that they’ll be used to make the passkey ecosystem more portable.
Passkeys are stored on your phone or computer after they’re initially set up. They can synchronize across devices—behaving much like a password manager from a user’s standpoint.
Final Thoughts
Apple Passkey is a next-gen cryptographic technology that secures your accounts without the need for a password. It uses fingerprint or face recognition to authenticate unique passkeys across websites and applications, thereby—
- Vastly improving your online safety.
- Eliminating password attacks.
- Significantly reducing the risk of phishing attacks.
Additionally, these passkeys sync across your Apple devices via iCloud Keychain, an end-to-end encrypted method requiring multi-factor authentication.
But Apple’s not the only one bringing passkeys to the masses. Tech giants like Microsoft and Google are working on their own versions too. Meanwhile, the FIDO Alliance continues to expand. Is this the end of passwords? We’ll find out soon enough!
We’re glad you joined EasyDMARC newsletter! Get ready for valuable email security knowledge every week.
You’re already subscribed to EasyDMARC newsletter. Continue learning more about email security with us