What is Apple Passkey, and How Will It Help You Go Passwordless? • TechCrunch

As Apple is rolling out its ios 16 update todayOne of the major security features available to the users is passkey. This feature will allow users to use their Apple devices to log in to websites and services without any password.

What is passkey?

Passkey is the company’s implementation of an industry standard designed to remove passwords for online authentication. Earlier this year, Apple, Google and Microsoft joined hands with the FIDO Alliance and the World Wide Web Consortium Work on removing password for user authentication across platforms.

Apple announced own version of this standard Called Passkey at its Worldwide Developer Conference (WWDC) in June. Apple said that Passkey will be supported on macOS Ventura, iOS 16 and iPadOS 16.

Passkey can reduce the risk of account compromise because it removes passwords, which can be leaked, exposed or stolen from the authentication flow. Also, passkeys cannot be reused on sites like Password, so the risk of stolen credentials affecting other accounts is low.

How will this work?

The passkey is based on the WebAuthn standard, so users can use biometric authentication such as Face ID or Touch ID, or use a PIN to verify a login attempt. At a high level, instead of relying on a username-password combination, Passwords uses your device to prove that you are the legitimate owner of the account.

If you visit a website that has already implemented the passkey – LIKE THIS DEMO WEBSITE — You may see a new option to log in using a device or credentials stored in your iCloud Keychain. If you don’t already have an account registered on the site, it may ask for some basic information and save the passkey to iCloud Keychain—no password required. Once you register an account, the iCloud-based passkey is shared across all Apple devices with the same Apple ID.

All of this is based on FIDO’s proposed multi-device credentials that allow users to store authentication keys across devices enabling them to log in without the need for a password. This means it should work on all platforms, but Google and Microsoft are yet to implement this technology on their platforms.

Passkeys work by generating a pair of keys – a public key and a private key stored on the device. The public key is stored in the cloud and shared between devices that have their own private key. It also ensures that if the server is compromised, the attacker does not have both keys to gain access to the accounts.

How the passkey is generated and shared. image credit: FIDO Alliance

Users can manage their passkeys directly from Adjustment , Passwords, There is no separate section for stored passkeys, but websites that use passkeys will appear in this section. People can easily share their account details to a friend by tapping the share button on that particular passkey’s screen and sharing it with a nearby contact via AirDrop.

So what happens next?

Currently, few websites support passkey-based authentication, but this is likely to increase over time as developers begin to implement passkeys in their services. Initially, passkeys will be supported on Macs, iPads, and iPhones. If you use a Windows or Chrome-based machine or an Android phone, the site will ask you to verify yourself using a QR code that you can scan through your iPhone. Password managers preferred if users don’t want to rely on iCloud-based backups Dashlane Support for storing passkeys is also announced.

Paskey is still in his early days. Most popular websites still rely on the username-password combo, so a passwordless future is still far away.

Be the first to comment

Leave a Reply

Your email address will not be published.