A future without passwords – what Passkey means for everyone

Apple is helping lead the charge towards a passwordless future.

Apple announced a key part of iOS 16 and macOS 13 that’s going to change how you log into websites and apps. Apple’s Passkey could be the catalyst that starts a passwordless future.

A future where you never use a “forget password?” link, and never get phished again. It really could be a magical thing and help change the face of account security.

But first, a little history of why this problem exists and what a

The problem with passwords

Passwords suck. Banks and employers make you change them every three months. You can’t reuse them. Some limit you to fewer than 8 characters, while others want an intro, a main character, a plot with 3-act structure, symbols, numbers, and upper case letters.

People suck at using passwords. People use their birthday, their anniversary, and literally, ‘password12345’. And they re-use them, and write them down.

Then came the password managers

And they were good. But the problem with a password manager is that you have to manage a lot of passwords.

A password manager records your passwords when you enter them into a site the first time and automatically fills them each future time. For new sites, it will offer to create passwords. And, it will encrypt them all to keep them safe.

Then came two-factor authentication, or 2FA. 2FA is the idea that you enter your username and password, and generate a six-digit code with an app or SMS.

The code changes every time, so it’s more secure, and it comes to your phone, so it’s ‘something you know’ (the password), and ‘something you have’ (the phone). Those are the two factors.

What’s new

Instead of 2FA that relies on you having a password and receiving an SMS (insecure), or setting up an app to receive codes, this all gets simpler.

It seems a little silly that you have to create a password, use the phone to remember it, and then get a code to enter from the phone. That’s a lot of manual work for something that is stored at a remote computer and has a history of getting hacked.

What if all that went away? What if services didn’t have to store a password in the first place, so there’d be no password to get hacked?

Passkey, Apple’s name for FIDO2 (Fast IDentity Online 2), uses Touch ID or Face ID to create a key for a website or service. When you go to sign in, you’ll be asked to use Touch or Face ID, instead of a password.

Benefits of this system:

  • The key is end-to-end encrypted
  • The key is synchronized in iCloud, so it’s synchronized to your Apple devices
  • The key is stored in your local Apple device
  • It’s cross-platform

As you can see, there are a lot of benefits of a system like this.
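
What "no password to get hacked" looks like in a FIDO2-style sign-in, as an added example that is not from the original article or from Apple: the site stores only a public key, and the device signs a fresh challenge tied to the site's origin. The names `Authenticator`, `verify`, `demo` and the sites example.com and example-login.test are assumptions, and the real WebAuthn encodings (CBOR, flags, counters) are left out.

```javascript
// Added example: simplified FIDO2-style passkey flow. All names and sites are assumptions.
const nodeCrypto = require("node:crypto");
const sha256 = (data) => nodeCrypto.createHash("sha256").update(data).digest();

// Device side: one key pair per site; private keys never leave this object.
class Authenticator {
  constructor() { this.keys = new Map(); }
  register(rpId) {
    const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync("ec", { namedCurve: "P-256" });
    this.keys.set(rpId, privateKey);
    return publicKey.export({ type: "spki", format: "pem" }); // all the site ever stores
  }
  // `origin` is supplied by the browser, so a page cannot claim to be another site.
  signIn(origin, challenge) {
    const rpId = new URL(origin).hostname;
    const privateKey = this.keys.get(rpId);
    if (!privateKey) return null; // no passkey registered for this site
    const clientData = Buffer.from(JSON.stringify({ type: "webauthn.get", challenge, origin }));
    const authData = sha256(rpId); // real authenticator data also carries flags and a counter
    const signed = Buffer.concat([authData, sha256(clientData)]);
    return { clientData, authData, signature: nodeCrypto.sign("sha256", signed, privateKey) };
  }
}

// Server side: checks the challenge it issued, its own origin, then the signature.
function verify(publicKeyPem, expected, assertion) {
  if (!assertion) return false;
  const client = JSON.parse(assertion.clientData.toString());
  if (client.type !== "webauthn.get") return false;
  if (client.challenge !== expected.challenge) return false; // stale or replayed response
  if (client.origin !== expected.origin) return false; // signed for a different site
  if (!assertion.authData.equals(sha256(new URL(expected.origin).hostname))) return false;
  const signed = Buffer.concat([assertion.authData, sha256(assertion.clientData)]);
  return nodeCrypto.verify("sha256", signed, publicKeyPem, assertion.signature);
}

function demo() {
  const site = "https://example.com", otherSite = "https://example-login.test"; // constructed
  const newChallenge = () => nodeCrypto.randomBytes(32).toString("base64url");
  const phone = new Authenticator();
  const storedKey = phone.register("example.com");
  const first = newChallenge();
  const assertion = phone.signIn(site, first);
  return {
    ok: verify(storedKey, { challenge: first, origin: site }, assertion),
    replayed: verify(storedKey, { challenge: newChallenge(), origin: site }, assertion),
    wrongSite: verify(storedKey, { challenge: first, origin: site }, phone.signIn(otherSite, first)),
  };
}
console.log(demo());
```

A breach of the site's database in this model exposes only public keys, which cannot be used to sign in anywhere.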

Cross-platform?

That last detail is important. Cross-platform support is what’s going to make this catch on and eliminate passwords everywhere over time.

I asked Tim Cappalli of Microsoft what cross-platform means. You can find their response below:

Because the integration for Windows is via the browser at first, Windows 10 users can take advantage of this.

The way it works is that when you go to a site on a PC, the site will display a QR code. Hold up your phone’s camera to the code, and it will prompt the phone to authenticate.

Here’s what happens when you use your Apple iPhone to enter a password in Chrome on Windows 10 – everything works together (Image: Apple)

The method will ask for your Touch or Face ID. The phone will then provide the key back to the site, and you’ll be logged in.

Android

Google has been making FIDO2 password-less authentication available to Google accounts on Android 7+ devices, starting with Pixel devices.

Users can use their fingerprint or screen lock method instead of typing in their password when visiting Google services and websites. The fingerprint is said to never be sent to Google’s servers.

Converting passwords to Passkey

If you’re like me, you have around 1,700 passwords. As you go to sites, an iPhone with iOS 16 will offer to convert them to Passkey, making it easy to never have to deal with a password again, while also preventing passwords from being compromised ever again.

Unknowns

There are still a few things we don’t know about Passkeys. We know that it will be supported in iOS 16, iPadOS 16, macOS 13 (Ventura), Safari, Chrome, Edge, Android, Windows 10 (at the browser level), and Windows 11.

What we don’t know is what this means for people who switch platforms. Sometimes, Android users buy iPhones. Sometimes, iPhone users buy Android phones. If Passkeys are stored securely in iPhone and synchronized through iCloud Keychain, how would you port them to Android?

You’re going to want Passkey

Even if it seems like passwords are a comfortable, known way of getting into sites and services, they’re vulnerable to bad hacks.

Using Passkey, even though it seems very new, is going to be better over time. It’s a building block to get to a future where hacks don’t happen as much, or as widely, and one where everyone can go without passwords: Apple, Windows, iPhone, and Android users alike.

For years, Victor has threatened to write the book, "How To Solve Printer Problems Easily", with the first page stating in lovely italics, "The author is a filthy liar. No printer problem is solved easily. Let's begin..." He just wishes consumer electronics were better. Expertise in networking, audio, and repair. Blogging since 2001, he has contributed to sites including AppleInsider.com, WristWatchReview.com.
