Raise your hand if you hate entering passwords. Now raise your hand if you use the same password for multiple accounts or services. Yes, many people do this, and it is a major reason users get hacked.
Think about it. If someone obtains your password for a single service, whether through a data breach, social engineering, or a phishing attack, your identity and personal information may be compromised. Anything can happen, from people spying on baby cameras to hackers stealing money from your bank account.
Yes, there are alternatives to entering passwords manually, such as the best password managers, but they can still leave users vulnerable. Now Apple, Google, Microsoft and others have banded together through the FIDO Alliance to try to replace the password for good. Apple's implementation is called Passkey, and it is coming this fall with iOS 16, macOS Ventura and iPadOS 16.
In an exclusive Tom's Guide interview, I had the chance to talk with Kurt Knight, senior director of platform product marketing at Apple, and Darin Adler, VP of Internet technologies at Apple, about how passkeys work and how they can actually make passwords a thing of the past.
What are passkeys and how do they work?
Passkeys are unique digital keys that are easier to use and more secure; they are never stored on web servers and remain on your device. The best part? Hackers cannot steal passkeys in a data breach or trick users into sharing them.
“Passwords are critical to protecting everything we do online today, everything we communicate with all of our finances,” Knight said, “but they’re also one of the biggest attack vectors and security vulnerabilities today.”
That’s why Apple is pushing for an alternative. Passkeys use Touch ID or Face ID for biometric verification, and iCloud Keychain to sync with end-to-end encryption across the iPhone, iPad, Mac, and Apple TV.
Other companies have tried to replace passwords with dedicated hardware, like a physical security key, but this was mostly focused on enterprise users, and it added another layer of complexity. Passkeys have a real shot at taking off because they take advantage of the device you already have.
Passkeys are based on what is called public key cryptography. There is a private key, which is secret and stored on your device, and a public key that goes to the web server. Passkeys make phishing impossible because you never present the private key; you authenticate using only your device.
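The public-key sign-in described above can be sketched as a challenge-response exchange. This is an added example, not Apple's or the FIDO Alliance's code: the function names, the origins and the signed message layout (a hash of challenge plus origin) are assumptions that simplify the real protocol.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// NewPasskey runs on the device. Only &key.PublicKey is ever sent to the server.
func NewPasskey() (*ecdsa.PrivateKey, error) {
	return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
}

// NewChallenge is issued by the server, fresh for every sign-in attempt.
func NewChallenge() string {
	b := make([]byte, 32)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return fmt.Sprintf("%x", b)
}

// digest binds a challenge to the origin it is used on (simplified layout).
func digest(challenge, origin string) []byte {
	h := sha256.Sum256([]byte(challenge + "\n" + origin))
	return h[:]
}

// DeviceSign runs on the device, over the origin the browser actually loaded.
func DeviceSign(key *ecdsa.PrivateKey, challenge, origin string) ([]byte, error) {
	return ecdsa.SignASN1(rand.Reader, key, digest(challenge, origin))
}

// Verify runs on the server with its own origin and the stored public key.
func Verify(pub *ecdsa.PublicKey, challenge, origin string, sig []byte) bool {
	return ecdsa.VerifyASN1(pub, digest(challenge, origin), sig)
}

func main() {
	key, err := NewPasskey()
	if err != nil {
		panic(err)
	}
	c, site := NewChallenge(), "https://shop.example" // constructed origin
	good, _ := DeviceSign(key, c, site)
	phish, _ := DeviceSign(key, c, "https://shop-login.example") // constructed look-alike origin
	fmt.Println(Verify(&key.PublicKey, c, site, good), Verify(&key.PublicKey, c, site, phish))
}
```

A signature produced on the look-alike origin, for an old challenge, or by a different key fails verification, and the server never holds anything that could produce a valid signature.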
“People almost always have phones with them,” Adler said. “Face ID and Touch ID verification give you the convenience and biometrics we can get with an iPhone. You don’t need to buy any other equipment, but you also don’t have to learn any new habits.”
Wait, what if you’re not using an Apple device?
Let’s say you sign up for a streaming service on your iPhone, but you need to be logged in on your Roku. What do you do when your Roku doesn’t have Touch ID or Face ID?
The second device generates a QR code that can be read by your iPhone or iPad. iOS uses Face ID or Touch ID to confirm that it’s you who is trying to sign in before confirming or denying a request from an app or website running on the other device.
Also, if someone is trying to log into a service using an iOS device or Mac that isn’t yours, the passkey can be shared via AirDrop.
“The cross-platform experience is super easy,” Knight said. “So say you’re someone who has an iPhone, but you want to go to a Windows machine and log in. You’ll be able to get a QR code that you’ll scan with your iPhone and then be able to use Face ID or Touch ID on your phone.”
In other words, the computers are going to communicate with each other to make sure you’re in close proximity for security and they’ll confirm that you’re signed in.
An unbreakable keychain
For Passkey to work across multiple Apple devices—including the iPhone, iPad, Mac, and Apple TV—it needs something to sync the information with end-to-end encryption. And that’s where iCloud Keychain comes in.
iCloud Keychain is already used to keep your passwords and other secure information (such as credit cards) in sync across your devices. But the arrival of Passkey takes things to the next level.
So what if you don’t have access to your iPhone? iCloud Keychain makes it possible to recover your previous keys through iCloud if your Apple device is lost or stolen.
That’s why it’s so important that Apple built Passkey on top of iCloud Keychain.
“iCloud Keychain made this possible, and security that was previously limited to those willing to carry additional hardware can be provided with the phone,” Adler said. “So I think those two things come together in a really special way.”
What’s next for Passkeys
Passkeys will be built into the operating systems for iOS 16, iPadOS 16 and macOS Ventura, but Apple is also working with developers to integrate passkey support into their apps.
Apple couldn’t yet share which Passkey-compatible apps will be available at launch, but it looks like the wheels are already in motion. And it’s not just about ease of use.
“These public keys really have no value. There’s nothing worth stealing,” Adler said. “So it’s going to reduce the liability for the developers running the services … and the developers will want to take advantage of that because of less responsibility.”
According to Adler, developers now have everything they need to implement Passkey and consumers will get support when they update their Apple devices to the newly released software this fall.
So despite all the previous hype surrounding killing passwords for good, this time it may be for real.
“This is not the future dream of changing passwords,” Knight said. “This is something that’s going to be the way to completely replace passwords, and it’s just getting started.”