Raise your hand if you hate entering passwords. Okay, now raise your hand if you happen to use the same password for multiple accounts or services. Yes, a lot of people do this and it is the leading cause of users being hacked.
Think about it. If someone can get your password for a service (through a data breach, social engineering or a phishing attack), your identity and personal information may be compromised. This can lead to anything from baby camera tracking to hackers stealing money from your bank account.
Yes, there are alternatives to entering the password manually, such as the best password managers, but they can still leave users vulnerable. Now, Apple, Google, Microsoft and others have come together through the FIDO Alliance to try to replace the password for good. And Apple’s implementation, called Passkeys, will launch this fall in iOS 16, macOS Ventura and iPadOS 16.
In an exclusive Tom’s Guide interview, I had the opportunity to speak with Kurt Knight, Apple’s senior director of platform product marketing, and Darin Adler, Apple’s VP of internet technology, about how Passkeys work and how they can actually turn passwords into a thing of the past.
What the hell are passkeys and how do they work?
Passkeys are unique digital keys that are easy to use, more secure, never stored on a web server, and always on your device. The best part? Hackers cannot steal Passkeys in a data breach or trick users into sharing them.
“Passwords are key to protecting everything we do online today, from everything we communicate to all of our finances,” says Knight, “but they’re also one of the vectors of attack and loss, the biggest security hole facing users today.”
That’s why Apple has worked so hard to find an alternative. Passkeys use Touch ID or Face ID for biometric verification and iCloud Keychain to sync across iPhone, iPad, Mac, and Apple TV with end-to-end encryption.
Other companies have tried to replace passwords with specialized hardware, like physical security keys, but that’s mostly focused on business users; it also adds another layer of complexity. Passkeys have a real shot at taking off because they take advantage of a device you already have.
Passkeys are based on what is known as public key cryptography. There is a private key, which is secret and stored on your device, and there is a public key on the web server. Passkeys make phishing impossible because you never present the private key; you only authenticate using your device.
“People almost always carry their phones with them,” says Adler. “Face ID and Touch ID verification gives you the convenience and biometrics we can achieve with iPhones. You don’t need to buy another device, you don’t even need to learn a new habit.”
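A simplified sketch of the public-key sign-in described above, added here as an illustration (it is not Apple's or the FIDO Alliance's code, and not the real WebAuthn message format): the server stores only a public key, each challenge is single use, and a signature made for a look-alike origin is rejected. The origins, user name and function names are hypothetical.

```javascript
// Simplified passkey-style challenge/response; constructed data, hypothetical names.
const nodeCrypto = require('node:crypto');

// Registration: the device creates a key pair; only the public key reaches the server.
function registerPasskey(serverDb, user) {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  serverDb.set(user, publicKey.export({ type: 'spki', format: 'pem' }));
  return privateKey; // never leaves the device
}
// Server: a fresh random challenge for every sign-in attempt.
function newChallenge(pending, user) {
  const challenge = nodeCrypto.randomBytes(32);
  pending.set(user, challenge);
  return challenge;
}
// Device: sign the challenge together with the origin the browser actually sees.
function deviceSign(privateKey, challenge, origin) {
  const clientData = JSON.stringify({ challenge: challenge.toString('base64url'), origin });
  return { clientData, signature: nodeCrypto.sign('sha256', Buffer.from(clientData), privateKey) };
}
// Server: check origin, challenge and signature against the stored public key.
function verifyAssertion(serverDb, pending, user, expectedOrigin, assertion) {
  const challenge = pending.get(user);
  pending.delete(user); // single use: a replayed assertion finds no challenge
  const publicKeyPem = serverDb.get(user);
  if (!challenge || !publicKeyPem) return false;
  let data;
  try { data = JSON.parse(assertion.clientData); } catch { return false; }
  if (data.origin !== expectedOrigin) return false;
  if (data.challenge !== challenge.toString('base64url')) return false;
  return nodeCrypto.verify('sha256', Buffer.from(assertion.clientData), publicKeyPem, assertion.signature);
}
function demo() {
  const serverDb = new Map(), pending = new Map();
  const ORIGIN = 'https://stream.example', LOOKALIKE = 'https://stream-login.example';
  const deviceKey = registerPasskey(serverDb, 'alice');
  const good = deviceSign(deviceKey, newChallenge(pending, 'alice'), ORIGIN);
  const genuine = verifyAssertion(serverDb, pending, 'alice', ORIGIN, good);
  const replayed = verifyAssertion(serverDb, pending, 'alice', ORIGIN, good);
  // Sign-in started from a look-alike page: the signed origin does not match the service.
  const relayed = deviceSign(deviceKey, newChallenge(pending, 'alice'), LOOKALIKE);
  const phished = verifyAssertion(serverDb, pending, 'alice', ORIGIN, relayed);
  // Someone holding only the server's records has no private key; their own key fails.
  const otherKey = nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'P-256' }).privateKey;
  const wrongKey = deviceSign(otherKey, newChallenge(pending, 'alice'), ORIGIN);
  const forged = verifyAssertion(serverDb, pending, 'alice', ORIGIN, wrongKey);
  return { genuine, replayed, phished, forged };
}
console.log(demo());
```
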
Wait, what if you don’t use an Apple device?
Let’s say you sign up for a streaming service on your iPhone but need to sign in on your Roku. What do you do when your Roku doesn’t have Touch ID or Face ID?
The other device generates a QR Code that your iPhone or iPad can read. iOS uses Face ID or Touch ID to confirm that you’re trying to sign in before confirming or denying requests for apps or websites running on the other device.
Additionally, if someone is trying to sign in to a service using an iOS device or Mac that isn’t yours, passkeys can be shared via AirDrop.
Knight said: “The cross-platform experience is easy. So let’s say you’re someone with an iPhone, but you want to sign in on a Windows computer. You will be able to access a QR code that you will then simply scan with your iPhone and then be able to use Face ID or Touch ID on your phone.”
In other words, the computers will communicate with each other to ensure that you are nearby for the sake of security, and they will confirm that you are logged in.
Unbreakable key chain
For Passkey to work across multiple Apple devices — including iPhones, iPads, Macs, and Apple TVs — it needs something to sync information with end-to-end encryption. And that’s where iCloud Keychain comes in.
iCloud Keychain has been used to keep your passwords and other secure information (like credit cards) in sync across your devices. But the arrival of Passkeys takes things to the next level.
So what if you don’t have access to your iPhone? iCloud Keychain also makes it possible to recover your previous keys through iCloud if your Apple device is lost or stolen.
This is why it’s so important for Apple to build Passkey on top of iCloud Keychain.
“iCloud Keychain has made it possible for the security that was previously limited to those willing to bring in extra hardware to be made available to everyone with a phone,” Adler said. “So I think those two things come together in a really special way.”
What’s Next for Passkeys
Passkey will be integrated into iOS 16, iPadOS 16, and macOS Ventura operating systems, but Apple is also working with developers to integrate Passkey support into their apps.
Apple has yet to share what Passkey-compatible apps will be available at launch, but it looks like there’s already some momentum in the background. And it’s not just about ease of use.
“These public keys don’t really have any value,” Adler said. “So that would reduce liability for developers running the service… and developers would want to take advantage of this because of the reduced liability.”
According to Adler, developers have everything they need to start implementing Passkey now, and consumers will be supported when they update their Apple devices to the new software released this fall.
So despite all the previous hype around killing the password, this time it could happen for real.
“It’s not a future dream to replace passwords,” says Knight. “This is what will be the path to complete replacement of passwords, and it’s starting now.”