fbpx

What are Apple Passkeys and how it will replace conventional passwords

Apple introduced a number of new products today including new MacBooks powered by the new M2 chip and macOS Ventura. But one new feature that was announced that caught my attention is Apple Passkeys, which Apple says will usher in a passwordless future. But what is it and how will it work?

Yugatech 728x90 Reno7 Series

Before we dive into Apple Passkeys, let’s talk about passwords first. Passwords, or passcodes (for Apple), are secret information made of a string of characters that you use to log in to online services.

The problem with passwords is that it has to be memorized. And since it is not advisable to use one password for more than one account, you’ll have to memorize multiple passwords. Not to mention that online services are now requiring you to create complex passwords so it’s not easy to guess or hack.

Sure, you can use password managers like Google Password Manager or Apple Keychain to help you remember passwords. But eventually, you’ll have to replace your passwords especially if it appears in a data leak or breach.

What this implies is that passwords are vulnerable. It can be hacked through sophisticated methods or through social engineering like a phishing email, to trick you into providing your password. That’s why if an online service you’re logging into supports 2FA, it’s highly recommended that you use it. But then again, once a password is exposed, it has to be replaced. It’s inconvenient and time-consuming.

Enter Apple Passkeys

Apple recognizes the problems with passwords and wants to replace them with passkeys. Apple says that it is a next-generation credential that is more secure and easy to use. It is based on Web Authentication API (WebAuthn), which uses public-key cryptography and biometrics like Touch ID or Face ID to authenticate logins.

Based on Apple’s WWDC 2022 demonstration, when users create an account on a website, just input the email address associated with your Apple ID, and it will prompt you to save a passkey for that account. All you have to do is use Touch ID or Face ID, and you’re done. The passkey is also synced across Apple devices using the iCloud Keychain and is available on the Mac, iPhone, iPad, and Apple TV. Those in the ecosystem can certainly take advantage of it.

When users create a passkey, a unique digital key is created that only works for the site it was created for. That digital key also stays on the device and is never stored on a web server, so hackers can’t leak them or trick users into sharing them. So the next time you log in to a website where you signed in using passkeys, all you need to do is use your Apple device’s Touch ID or Face ID.

Another thing that I like about passkey is that it will also work across apps and the web and that users can even sign in to websites or apps on non-Apple devices using their iPhone. So if you’re using Windows and a Google Chrome browser, a QR code will pop up so you can you can scan it with your iPhone and authenticate the login.

Will passwords go away soon?

I don’t think so but it looks like we’re moving towards a passwordless future given the new technology like what we’ve seen today. Early last month, Apple, Google, and Microsoft announced their plans to expand support for a common passwordless sign-in standard created by the FIDO Alliance and the World Wide Web Consortium. After Apple’s Passkey, we can expect Google and Microsoft to implement the new capabilities to their platforms as well.

As a user, I fully welcome this technology. I don’t think I’m going to miss the moments of forgetting my password and having to go through the process of resetting and creating a new one, only to know later on that it’s leaked on the dark web. As long as it’s convenient and more secure, people will accept it.

Subscribe to Blog via Email

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Join 975 other subscribers

2 Responses

  1. Avatar for Miss Call Miss Call says:

    It’s nothing new if it’s based on WebAuthn/FIDO2 like how Windows Hello does it. What’s good about this is if you only use Apple products and don’t care about anything else, then it’s one more reason to willingly get walled.

    • Avatar for Louie Diangson Louie Diangson says:

      My first thought as well. Although Apple demonstrated cross-platform functionality, I hope they make it seamless once Google and Microsoft implement it as well.

Leave a Reply
JOIN OUR TELEGRAM DISCUSSION

Your email address will not be published. Required fields are marked *