At its Worldwide Developer Conference (WWDC) this week, Apple previewed a new scheme that could help make passwords a thing of the past with a passwordless login scheme called Passkey. Darin Adler, VP of Internet Technologies at Apple, pitched Passkey as "more secure, easier to use, and aims to replace passwords for good." That's good to hear, considering how lousy passwords are, but many have tried to do away with passwords before.
Enter Apple Passkeys
Adler described Passkeys this way: "A unique digital key is created that only works for the site it was created for." Instead of passwords, Apple users would verify their identity using biometric authentication, which is already built into most of the company's product line with Face ID, for facial recognition, and Touch ID, for fingerprint scanning.
In the presentation, we see someone creating a new account on a website. They enter their email address, but instead of creating a password, a window pops up asking if they want to create a Passkey. The user authenticates using biometrics—in this case, the Touch ID on their Mac—and that's it.
Apple says that Passkeys will work cross-platform.
Adler explained that Passkeys are automatically synced between a user's Apple devices, including Apple TVs, using iCloud Keychain, and are intended to work in apps as well as on the web. Passkeys are also meant to work cross-platform. In the demonstration, a user goes to log in with their passkey and is presented with a QR code to scan. Adler said that in this scenario, the person's iPhone would authenticate the login, presumably by scanning the QR code.
While ease of use was on display in the WWDC presentation, Adler stressed the security benefits of Passkeys. "Passkeys can't be phished since the Passkey never leaves your devices," he said. "Hackers can't trick you into sharing it on a fake website. And passkeys can't be leaked because nothing secret is kept on a web server."
A FIDO Connection
At WWDC, Adler said that Passkeys were created in collaboration with the FIDO Alliance, the trade group that has managed the creation of standards for multi-factor authentication and passwordless login. He also highlighted Apple's work with Google and Microsoft specifically.
Since my start in 2008, I've covered a wide variety of topics from space missions to fax service reviews. At PCMag, much of my work has been focused on security and privacy services, as well as a video game or two. I also write the occasional security columns, focused on making information security practical for normal people. I helped organize the Ziff Davis Creators Guild union and currently serve as its Unit Chair.
