Apple Passkeys are a secure replacement for passwords. They use Touch ID or Face ID to enable logins on both Apple and non-Apple devices.
One of the novelties Apple announced at WWDC 2022 is Passkeys, its password replacement system that will provide a more secure way to log in to websites and apps. Apple is part of the FIDO Alliance, an organization that aims to enable passwordless logins and also includes key players like Google, Microsoft and Lenovo. While passwords are still widely used, frequent hacks and leaks have led users to resort to methods such as two-factor authentication to secure their data.
However, there is a simpler solution. Most smartphones now have a fingerprint reader or face unlock, and these biometric scanners can do more than just unlock the phone. Several financial apps now allow users to confirm a transaction by scanning their biometrics rather than entering a PIN. Operating systems like ChromeOS allow users to unlock their Chromebooks by keeping their smartphone connected nearby rather than entering a password. For phones with a fingerprint reader, unlocking the phone with a registered finger unlocks the phone and Chromebook simultaneously. The feature is called Smart Lock and even offers the possibility to log in to a Google account using the connected smartphone.
Access keys use a combination of cryptographic and biometric techniques on a device to protect a user’s account. It is also quite simple to create them. According to Apple, when a user visits a site or app that needs an account, they can create a passkey using Touch ID or Face ID as authentication. The access key created is a unique digital key only for that website or application, and is stored securely on the user’s device. When a user wants to access the passkey, they can use biometric verification to log in.
Security keys will work on all operating systems
Although a password can be created on a Mac or iPhone, Apple says it will be securely synced across all devices linked to the user’s account using iCloud Keychain. So if a password was created for a website on a Mac, that same password will be available when a user wants to log into that site on their iPhone or iPad. Passkeys will not only work on Apple’s own devices, but also on non-Apple devices. All a user has to do is log in using their iPhone or iPad. A demo during the announcement shows users will need to scan a QR with their iPhone and then use Touch ID or Face ID to log into the website on another device.
According to Apple, Passkeys cannot be phished. This is because the password never leaves the device, which means hackers cannot trick a user into sharing a password on a fake website. Also, there can be no leaks because nothing is stored on a server. Since a passkey is only accessible with biometric authentication, a thief will not be able to access a user’s accounts even if they steal an iPhone. Passkeys, plus all the other great features Apple announced at WWDC, will be available on supported devices later this year.
NEXT: How to Save Passwords on iPhone with Safari and View Them Later
90 Day Fiancé: Libby reveals growing baby bump and shares gender update
About the Author