With iOS 17 and MacOS Sonoma, Apple will join Google in embracing passkey login for its own websites and services, a big step in an even bigger step away from the profound flaws of password-based authentication.
Apple already supports passkey login in its existing iOS, MacOS and iPadOS software. But according to beta testers of the new versions of the software expected to arrive this fall, Apple will prompt people to enroll in passkey authentication for its own sites where you use an Apple ID, like iCloud.com.
Passkeys employ biometric checks like face or fingerprint recognition and are designed to be as easy to use as passwords but vastly more secure. They rely on very secure cryptography technology that Apple, Google, Microsoft and other tech companies developed at the Fast Identity Online (FIDO) Alliance. Passkey support is relatively rare today, but when it’s embraced more broadly, life should get harder for hackers.
Apple didn’t immediately respond to a request for comment. But the company told PC Magazine that the passkey enrollment will be automatic for Apple sites.
Watch this: WWDC 2023: Here Are All the Major iOS 17 Features
Password login technology is plagued with problems. Passwords that are more secure also are harder to remember. Many of us reuse passwords on multiple sites, amplifying the havoc a hacker can cause. Dual-factor authentication helps, but there are weaknesses there, too, especially with passcodes sent by SMS.
Passkeys get rid of these problems and as an added bonus block phishing attempts, since they offer cryptographic links between your devices and the specific sites you log in to. You can’t use a passkey on a fake version of a website.
Passkeys can be synchronized across multiple devices, and Apple does so automatically across iPhones, Macs and iPads. But there can be synchronization complications if you use non-Apple devices or browsers or borrow your friend’s laptop.
These screenshots show how the pharmacy CVS prompts people to enroll to use passkeys to log on to its website, in this case on Safari on an iPhone. After a successful regular logon, the site asks if you want to go passwordless, goes through a face ID authentication step, and then saves the passkey to your device.
The FIDO Alliance is working on passkey portability, which would let you export passkeys manually, the way you might move passwords from one password manager to another. Google and Apple have pledged support.
For now, though, there’s a QR code scanning method that lets you use a passkey-enabled device to authenticate on another that doesn’t have them. And you can set up multiple passkeys for the same site.
Password managers are adding support for passkeys, too. 1Password is beta testing passkey support, though it doesn’t yet offer passkey protection for your password vault. And Dashlane lets you use passkeys on Android today with support on Apple devices coming with iOS 17 and MacOS Sonoma.
Source: CNET
