Apple will add support for passkeys, a new login method billed as more secure than passwords for protecting access to our bank accounts and email, with the release of iOS 16 on Monday. Apple presented passkeys at its Worldwide Developers Conference, and they will be available in iOS 16 and macOS Ventura this fall, as well as in Google’s Android and in web browsers.
Passkeys are as simple to use as passwords, if not simpler. They substitute a biometric check on our phones or laptops for the flurry of keystrokes required for passwords. They also prevent phishing attempts and eliminate the difficulties of two-factor verification, such as SMS codes, which exacerbate the shortcomings of the password method.
When you create a passkey for a website or app, it is saved on the phone or computer you used to create it. Passkeys can be synchronised between devices using services such as Apple’s iCloud Keychain or Google’s Chrome password manager. The open standards behind passkeys were developed by dozens of IT businesses in a body called the FIDO Alliance, which introduced passkeys in May.
Now is the time to adopt them, said Garrett Davidson, an authentication technology engineer at Apple, during a passkeys talk at WWDC. “Not only is the user experience better with passkeys than with passwords, but entire categories of security — such as weak and reused credentials, credential breaches, and phishing — are simply no longer conceivable.”
Before passkeys reach their full potential, you’ll need to put in some time on the learning curve. You must also decide whether Apple, Microsoft, or Google is the best choice for you.
What’s a passkey?
It’s a new form of login credential made up of a small amount of digital data that your computer or phone uses when connecting to a server. You authorise each use of that data with an authentication step, such as a fingerprint scan, face recognition, a PIN code, or the login swipe pattern that Android phone owners are familiar with.
The hitch is that you must have your phone or computer with you to use passkeys. You can’t access a passkey-protected account from a friend’s computer unless you have your own device.
Passkeys are backed up and synced. Google and Apple can restore your passkeys if you get a new Android phone or iPhone. Google and Apple cannot see or change the passkeys because they are end-to-end encrypted. Apple’s mechanism is designed to keep passkeys secure even if an attacker or an Apple employee gains access to your iCloud account.
What is the procedure for creating a passkey?
It’s quite straightforward. When a website or app invites you to set up a passkey, use your fingerprint, face, or another technique to authenticate it. That’s all.
How do I use a passkey to log in?
When you try to log in to an app on your phone, a passkey authentication option will show. Tap that option, provide your authentication information, and you’re in.
For websites, look for a passkey option near the username field. From there, the procedure is the same.
Once you’ve created a passkey on your phone, you can use it to log in on another nearby device, such as your laptop. Once you are logged in, that website may offer to generate a new passkey for the new device.
What if I need to access a webpage while using another person’s computer?
You can use a passkey stored on your phone to log in on another nearby device, such as a borrowed laptop. The login screen on the borrowed laptop will show a QR code that you scan with your phone. Bluetooth is used to confirm that your phone and the computer are near each other, and then you approve the login with a fingerprint or face check on your own phone. To finish the authentication process, your phone communicates with the computer over a secure connection.
Why are passkeys safer than passwords?
For login, passkeys use a time-tested security foundation known as public key cryptography. That’s the same technology that safeguards your credit card information when you enter it into a website. The system’s brilliance is that a website only needs to base its passkey record on your public key, which is intended to be publicly viewable. The private key used to create a passkey is saved only on your device. There is no password database that a hacker can steal.
Another significant advantage is that passkeys block phishing attempts. “Passkeys are intrinsically linked to the website or app for which they were set up, so customers can never be misled into using their passkey on the wrong website,” said Ricky Mondello, Apple’s head of authentication technology, in a WWDC video.
Passkeys require you to have your device nearby and to be able to unlock it, a combination that provides the security of two-factor authentication with less hassle than SMS codes. And with passkeys, nobody can look over your shoulder as you type a password.
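The two security claims above, that a website keeps only your public key and that a passkey cannot be used on the wrong website, can be seen in a short model. This is an added example, not code from Apple or the FIDO Alliance: it simplifies the real WebAuthn messages, and the class names and the bank.example and bank-login.example sites are made up for illustration.

```javascript
// Added example: simplified passkey model, NOT the real WebAuthn message format.
const crypto = require('crypto');

// The device: one private key per site; private keys never leave it.
class Authenticator {
  constructor() { this.keys = new Map(); }            // site hostname -> private key
  register(host) {
    const { publicKey, privateKey } =
      crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
    this.keys.set(host, privateKey);
    return publicKey;                                  // only this is sent to the site
  }
  // `origin` is supplied by the browser from the address bar, not by the page.
  sign(origin, challenge) {
    const key = this.keys.get(new URL(origin).hostname);
    if (!key) return null;                             // no passkey for this site
    const clientData = JSON.stringify({ origin, challenge: challenge.toString('hex') });
    return { clientData, signature: crypto.sign('sha256', Buffer.from(clientData), key) };
  }
}

// The website: stores public keys only, so a database leak exposes no secrets.
class Server {
  constructor(origin) { this.origin = origin; this.users = new Map(); this.pending = new Map(); }
  enroll(user, publicKey) { this.users.set(user, publicKey); }
  newChallenge(user) { const c = crypto.randomBytes(32); this.pending.set(user, c); return c; }
  verify(user, assertion) {
    const expected = this.pending.get(user);
    this.pending.delete(user);                         // single use, so replays fail
    const publicKey = this.users.get(user);
    if (!expected || !publicKey || !assertion) return false;
    const data = JSON.parse(assertion.clientData);
    if (data.origin !== this.origin || data.challenge !== expected.toString('hex')) return false;
    return crypto.verify('sha256', Buffer.from(assertion.clientData), publicKey, assertion.signature);
  }
}

function demo() {
  const phone = new Authenticator();
  const bank = new Server('https://bank.example');
  bank.enroll('alice', phone.register('bank.example'));
  const good = phone.sign('https://bank.example', bank.newChallenge('alice'));
  const genuine = bank.verify('alice', good);
  const replayed = bank.verify('alice', good);         // same assertion, challenge spent
  // A look-alike site relays a fresh challenge from the real bank:
  const lure = phone.sign('https://bank-login.example', bank.newChallenge('alice'));
  return { genuine, replayed, lureSigned: lure !== null, lureAccepted: bank.verify('alice', lure) };
}
```

Calling `demo()` shows the genuine login accepted, while the replayed response and the look-alike site both fail: the device has no key for the wrong hostname, and the server rejects any response whose signed origin or challenge does not match.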