Correct me if I am wrong… only my tablet runs 17.x, my phone is locked to 15.x and my desktop locked to 10.13.6. From the terrible descriptions I have read, it seems I can’t use passkeys because only one of my 3 devices can use them… correct?
Look into 3rd party passkey solutions such as any of the many popular password managers.

Even if you are using a password manager, passkeys are much more secure. They are long and random, much better than a password, and if a website gets hacked, they can’t get your password because websites that use passkeys don’t store your password, only your public key.
 
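An added illustration, not part of any post in this thread, of the point above that a passkey site keeps only a public key. It is a simplified model rather than the full WebAuthn message format; the site name, user name and function names are hypothetical.

```javascript
// Added illustration: a simplified passkey-style login (not the full WebAuthn format).
const crypto = require("node:crypto");
// Device: generate the key pair; only the public half is sent to the website.
function createPasskey() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync("ec", { namedCurve: "P-256" });
  return { privateKey, publicKeyPem: publicKey.export({ type: "spki", format: "pem" }) };
}

// Device: sign the site's challenge together with the origin the browser is on.
function signAssertion(privateKey, challenge, origin) {
  const clientData = JSON.stringify({ challenge, origin });
  const signature = crypto.sign("sha256", Buffer.from(clientData), privateKey);
  return { clientData, signature: signature.toString("base64") };
}

// Website: the account record holds a public key and nothing secret.
class RelyingParty {
  constructor(origin) { this.origin = origin; this.accounts = new Map(); this.pending = new Map(); }
  register(user, publicKeyPem) { this.accounts.set(user, { publicKeyPem }); }
  newChallenge(user) {
    const challenge = crypto.randomBytes(32).toString("base64");
    this.pending.set(user, challenge);
    return challenge;
  }
  verify(user, { clientData, signature }) {
    const account = this.accounts.get(user);
    const expected = this.pending.get(user);
    this.pending.delete(user); // each challenge is single-use
    if (!account || !expected) return false;
    let data;
    try { data = JSON.parse(clientData); } catch { return false; }
    if (data.challenge !== expected || data.origin !== this.origin) return false;
    return crypto.verify("sha256", Buffer.from(clientData), account.publicKeyPem, Buffer.from(signature, "base64"));
  }
}

function demo() {
  const rp = new RelyingParty("https://shop.example"); // hypothetical site
  const device = createPasskey();
  rp.register("alice", device.publicKeyPem);
  const good = signAssertion(device.privateKey, rp.newChallenge("alice"), rp.origin);
  const loginOk = rp.verify("alice", good);
  rp.newChallenge("alice");
  const replayOk = rp.verify("alice", good); // captured response, fresh challenge
  const onFake = signAssertion(device.privateKey, rp.newChallenge("alice"), "https://shop-login.example");
  const lookalikeOk = rp.verify("alice", onFake); // signed while on a look-alike origin
  const dump = JSON.stringify([...rp.accounts]); // what a database leak would contain
  return { loginOk, replayOk, lookalikeOk, dumpHasPrivateKey: dump.includes("PRIVATE KEY") };
}
```

Only the first login succeeds: the replayed response and the one signed on the look-alike origin are rejected, and the dumped account table contains no private key.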
I purchased some car brakes from Amazon and they didn't brake. :p

 
Passkeys can - in theory - be synced between devices without a cloud. I am waiting for such a solution.
 
The same can be said for TouchID and plain ol' passwords, too.

If the bad guy is holding you and your phone hostage... and plans to use violence... you're gonna have a bad time.

Reminds me of this:

View attachment 2300906

Hint: the wrench will win. ;)

But what's more likely to happen is someone from far away trying to get into your accounts remotely. They could be in another state or another country. It happens all the time.

It's those hackers who will be stopped by these new protective measures since they don't have your phone in their hands.

In short... there are more hackers online than people in the real world following me around with a wrench.

:p
Law enforcement could be a problem though. That depends on the laws of your country. The legal problem is whether fingerprints fall under your right to stay silent. You can't be forced by law to tell your password, but they can take your fingerprints and probably will not have a problem tricking you into unlocking Face ID by looking at your phone.

Law enforcement are your biggest enemy when it comes to privacy, because they can use all information against you like no criminal can. So there should be at least one piece of information in your head that is needed to get access to a service. It does not have to be a long password that you then always have to type. A four-digit PIN that locks the device after three failed attempts is already enough to stop law enforcement 99.97% of the time.
 
Most websites have multiple methods to sign in and do 2-factor authentication. You can recover accounts using emails or text messages, if you configured it to do so. You can easily use your email or text messages to set a new password on an account you need to access.

If you bought a new iPhone on vacation after losing your old one you can sign in with text messages so as long as you could access your text messages you can get into iCloud. But there’s a complication with eSIM (and USA iPhones 14 and later are now eSIM only) because eSIMs can’t just be popped out and put into a new phone, you have to transfer it, so you could do that at the carrier store but it can complicate things.
I don't understand. If you can recover accounts using emails or text messages, how would Passkeys be more secure than the current system of *checks notes* using emails or text messages to recover accounts?

Wasn't this the whole problem that Passkeys were supposed to solve? Genuine-looking fake emails with malware or trojans, text messages can be spoofed from completely different phones, etc. Emails and text messages are not secure.
 
Our family shares one Amazon account. Can more than one passkey be set up? Can't seem to find any literature on this.
 
Requires you to use Apple's Keychain. Not much good if you store everything in Bitwarden, LastPass or another password manager.
 
Passkeys will only be useful when websites take the bold move to beef up the fall-back option.

Tech savvy people are already using a password manager and strong authentication and the additional security is marginal benefit.

Non-tech savvy people, well. They will find it easier I guess. If they have access to their device. But their fallback is there. Waiting to be phished, hacked, shared, forgotten, reset, forgotten again.

I think most developers don’t care about the security but might be banking on halving their IT department, half of which is dedicated to password resets lol.
 
The passkey was supposed to make logging into websites and apps easier, and yet most of the time the passkey is being used after first having to put in a password, as a sort of 2FA, not as an alternative to one. Could someone please explain which Apps or websites actually allow you to use a passkey instead of a password to log in, rather than alongside one?
 
Finally this gets moving... Personally I recommend against using onboard Passkeys but rather use YubiKeys or a similar hardware token.

Our family shares one Amazon account. Can more than one passkey be set up? Can't seem to find any literature on this.
Usually yes, and if using hardware keys, registering at least 2 (preferably 3) Passkeys is recommended if the "password reset via email function" is disabled when using passkeys (which it should - Apple does it that way).
The passkey was supposed to make logging into websites and apps easier, and yet most of the time the passkey is being used after first having to put in a password, as a sort of 2FA, not as an alternative to one. Could someone please explain which Apps or websites actually allow you to use a passkey instead of a password to log in, rather than alongside one?
Microsoft 365, Synology NAS,... Websites currently tend to use it as 2FA, but Passkeys are intended for passwordless authentication. I think it will just take some time until confidence in PassKeys is built up...
 
I don't understand. If you can recover accounts using emails or text messages, how would Passkeys be more secure than the current system of *checks notes* using emails or text messages to recover accounts?

Wasn't this the whole problem that Passkeys were supposed to solve? Genuine-looking fake emails with malware or trojans, text messages can be spoofed from completely different phones, etc. Emails and text messages are not secure.
Passkeys are supposed to be better than passwords and that’s it. They can solve problems with emails and text messages, the problem though is that if you rely on passkeys only, you have to then be 100% reliant on your phone. We all probably need some time to understand how to use this technology effectively before we trash every other authentication method.

The good thing is that with iCloud there’s effective backups. The bad thing is then everyone needs to get on board with using iCloud and it seems not everyone is on board with using iCloud (Check these comments and you find people saying oh well you’ll be reliant on Apple, that’s somewhat true but for iCloud backups, passkeys themselves stay on device but you need backups so that’s when iCloud comes in).

And this is still up to the websites and apps. They could go all in on passkeys right now and it would improve things, at the cost of versatility, but people in general are still in the “discovering the technology” phase and it still is a long transition. Even when I have passkeys on a website or app, it still has a password (Google and Amazon are doing this), and they still let you recover your account with email or text messages (Or use an Authenticator app). If they want to make security foolproof they would need to effectively tell me that I would need my phone and iCloud and if I lose access to iCloud and my phone then that’s it, my account’s done, so that puts a burden on me to ensure I have my phone or at least iCloud backups.
 
I turned this on but when I sign into Amazon now it doesn't ask me to authenticate with my phone or with FaceID/TouchID. It just goes to 2FA. I thought 2FA was the problem...Kind of redundant but I guess you can't be too safe. So just for testing, I turned off 2FA, signed out and signed back in, nothing....It just signed in as normal and required a password. Not sure what's going on but I'm inclined to believe this feature isn't live yet.
 
Looks like Amazon’s implementation is still requiring 2FA if Passkey is used. It would be nice if that were reserved for only a backup password since 2FA will otherwise need to be disabled.
 
Face ID is hardly secure. Anyone can take your phone by force, hold you by force and open everything. Ask Hamas.
Dude, if they hold a gun to your head you're going to cough up your PIN code also.. You will eventually cave in to touchID, FaceID or PIN code.. Since most of us don't face these problems, I would say faceID is very secure..
 
I turned this on but when I sign into Amazon now it doesn't ask me to authenticate with my phone or with FaceID/TouchID. It just goes to 2FA. I thought 2FA was the problem...Kind of redundant but I guess you can't be too safe. So just for testing, I turned off 2FA, signed out and signed back in, nothing....It just signed in as normal and required a password. Not sure what's going on but I'm inclined to believe this feature isn't live yet.
You need to press the sign-in with passkey button instead of entering a password.
 
I have a question. If I do this, does that mean that other people who have access to my Amazon account will no longer be able to get in? Or will they still be able to use the password?
 
Yeah I have been using Passkeys on Amazon on Safari iOS and the iOS app for more than a month now.
 
I have a question. If I do this, does that mean that other people who have access to my Amazon account will no longer be able to get in? Or will they still be able to use the password?
Yeah, that's what I want to know.
 