FIDO Alliance, an association that has been working on new authentication methods to replace traditional passwords, announced last month that Apple, Google, and Microsoft have committed to expanding support for FIDO Standard on their platforms. At WWDC 2022, Apple revealed that iOS 16 and macOS 13 finally enable passwordless sign-in with “passkeys.”
In fact, iOS 15 and macOS 12 are already compatible with FIDO Standard. However, the previous implementation requires the user to log into each app or website on each device before enabling a passwordless sign-in method. Now with Apple’s latest software, true passwordless sign-in has become a reality.
As detailed by Apple in a WWDC 2022 session, both iOS 16 and macOS 13 now feature “passkeys,” which is what this authentication method is called. With passkeys, users no longer have to enter a username and password to sign-in to apps and websites, which reduces the chances of being tricked by phishing attacks.
How passkeys work in iOS
For users, sign-in with a passkey will work pretty much the same as a sign-in using iCloud Keychain and Face ID or Touch ID. You just choose a credential, authenticate with biometrics, and that’s it. However, while iCloud Keychain basically auto-fills your username and password into regular text fields, a passkey goes far beyond that.
The system generates a unique key that can only be accessed with user authentication via Face ID or Touch ID. This prevents malicious websites from trying to steal your passwords since passkeys are securely stored in the iCloud Keychain and are not visible to the user.
Of course, passkeys are automatically synchronized with your Apple devices, but what about other platforms? Since passkeys are based on the FIDO Standard, which is also being implemented on Android and Windows, there’s a way to sign in to on a device that is not yours.
The other device generates a QR Code that can be read by your iPhone or iPad. iOS uses Face ID or Touch ID to confirm that it’s you who’s trying to sign in before confirming or denying the request to the app or website running on the other device. And when it comes to an iOS device or Mac that is not yours, passkeys can be shared via AirDrop.
Availability and implementation
Since this is a new API, passkeys requires developers to update their apps and websites to support the new standard, so it may take some time before this technology becomes popular. Even so, Apple has provided extensive documentation to help developers implement passkeys in their iOS and macOS apps.
iOS 16 and macOS 13 are currently available as beta software for developers via the Apple Developer website. A public beta will be released next month, while the official release is expected this fall.
Author: Filipe Espósito
Source: 9TO5Google