Apple’s upcoming iOS 15 and macOS Monterey will preview a new feature called “Passkeys in iCloud Keychain”, which is an attempt to replace passwords with a more secure login process. Instead of logging in to an app or website using a text string, a WWDC presentation showed you how to use Face ID, Touch ID or a security key instead to gain access. The passcodes are then synced across your Apple devices using iCloud.
Although passwords are currently the most popular way to secure accounts, they are plagued with a number of issues. Passwords can be shared, forgotten, and they are insecure if not used properly (think about how many times you have been tempted to reuse it across multiple accounts). But Apple believes the new Passkeys solution can solve these problems, as shown in the comparison table below.
In a demonstration, Apple showed how the new feature could eliminate the need to create a password to log in to an app or website in the first place. Instead of creating a username and password during the sign-up process as usual, Apple’s authentication experience engineer Garrett Davidson simply enters a username and allows the app to register Face ID as a passkey. Then he showed how he could use Face ID to log in to the app in the future, or even log in to his account via the service’s website. It also works on Macs with Touch ID.
The functionality is based on the WebAuthn standard, which Apple, Google, Microsoft and others have slowly added support over time. Last year, Apple added support for it to offer password-free logins in Safari on iOS and macOS. But the new approach goes deeper, integrating WebAuthn into an app’s registration process and syncing your credentials across Apple devices via iCloud.
Behind the scenes, WebAuthn uses public key cryptography to let you sign in without your private credentials ever having to leave your device. Instead, the phone or computer sends only a “signature”, which proves your identity without having to share your secret private key.
Apple admits that the feature is in an early stage. It will only be released in preview this year, and will be turned off by default in iOS 15 and macOS Monterey. Developers can enable it, but it is not intended for widespread use. There is also the obvious limitation that the feature depends on iCloud to work, so you are lucky if you need to sign in to the same service on a Windows or Android device. Apple admits that this is a problem, but suggests that it works to improve cross-platform support in the future. Apps and websites must also enable support for the new process.
But the move is another sign of the growing driving force behind ditch passwords. Microsoft has announced plans to make Windows 10 password-free, and Google has worked to make it possible to log in to its services without a password.