Tech News | Reviews | Tips

Will Apple passkeys be more secure than passwords?

Apple will soon offer a solution for users who are tired of inputting passwords to authenticate themselves. The firm has disclosed the operation of its Passkeys, which will eventually replace regular character strings that must be remembered. 

Passwords are frequently forgotten and increasingly difficult to safeguard; OTP codes are impractical and exposed to hacking. Several firms, including Google and Microsoft, are likewise working to replace them, for instance by including biometric authentication and FIDO security key compatibility.

Passkeys is one of the most intriguing new iOS 16 features. This function intends to eliminate the need for passwords, as users will only be required to validate logins with their face or fingerprint. Based on an interview with Kurt Night, Apple Senior Director of Platform Product Marketing, and Darin Adler, Vice President of Internet Technologies, Tom’s Guide learned how Passkeys, Apple’s unique digital keys, will function.

How do Passkeys work?

Passkeys are one-of-a-kind digital keys that remain on your device, are simpler to use, are more secure, and are never kept on a web server. What’s more? Passkeys cannot be taken by hackers in a data breach or shared by users under fraudulently.

“Passwords are key to protecting everything we do online today, from everything we communicate to all of our finances,” said Knight “But they’re also one of the biggest attack vectors and security vulnerabilities users face today.”

That’s a key factor in why Apple has been working so hard to find a solution. Passkeys use Touch ID or Face ID for biometric authentication and iCloud Keychain for end-to-end encrypted syncing across iPhone, iPad, Mac, and Apple TV.

Other firms have attempted to replace passwords with specialized hardware, such as a physical security key, but these efforts were primarily directed at enterprise users and introduced an additional level of complexity. Passkeys have a great chance of succeeding since they make use of a device you already own. Passkeys are built using a technique known as public key cryptography. There are two types of keys: a private key that is kept private and is kept on your device, and a public key that is saved on a web server. Phishing is impossible with passkeys because you never have to reveal the private key where you can simply authenticate with your device.

What if you’re not using an Apple device?

Passkeys can be transmitted over AirDrop if someone tries to log in to a service using an iOS device or Mac that is not yours. This implies that the other device generates a QR Code that your iPhone or iPad can read. Before validating or refusing the request to the app or website running on the other device, iOS used Face ID or Touch ID to validate that it is you who is attempting to sign in.

The cross-platform experience is super easy,” said Knight. “So say you’re someone who has an iPhone, but you want to go and log in on a windows machine. You’ll be able to get a QR code that you will then just scan with your iPhone and then be able to use Face ID or Touch ID on your phone.” To put it another way, computers will interact with one another to verify that you are nearby and signed in for your own safety.

An unbreakable Keychain

Passkeys require something to sync the information with end-to-end encryption in order to work across different Apple devices, including iPhone, iPad, Mac, and Apple TV. This is when iCloud Keychain comes into play. iCloud Keychain is already used to sync passwords and other sensitive information (like credit cards) across devices. However, the introduction of Passkeys takes things to the next level. Assume you don’t have access to your iPhone. If your Apple device is lost or stolen, you can retrieve your previous keys using iCloud Keychain. This is why Apple designed Passkeys to be built on top of iCloud Keychain. 

What comes after Passkeys?

Apple is working with developers to integrate Passkey compatibility into their apps, but Passkeys will also be included into the operating systems for iOS 16, iPadOS 16, and macOS Ventura. Adler claims that developers now have everything they need to begin using Passkeys, and users will have support when they update their Apple devices to the freshly released software this fall. So, despite all of the past excitement about permanently abolishing the password, this time it might actually happen.