
MacRumors

macrumors bot
Original poster
Apr 12, 2001


Apple is developing a new passkey feature that will allow customers to use Face ID and Touch ID-based account authentication in lieu of a password, Apple engineer Garrett Davidson explained today in a WWDC developer session (via CNET).


"Passkeys in iCloud Keychain," a feature in iOS 15 and macOS Monterey, stores a new WebAuthn credential called a passkey in iCloud Keychain. It's used instead of a password for account creation and login, with one-tap login.

When you create an account using a passkey, there is no password to deal with. You can access that account with just a login and authentication through Touch ID or Face ID.

No password is required because your Apple device handles the generation and storage of the unique passkey used for the site, so login is just a matter of entering a username and authenticating. Passkeys are end-to-end encrypted and synced across all of your Apple devices thanks to iCloud Keychain. Since everything is stored in iCloud Keychain, credentials are preserved even if Apple devices are lost or stolen.

Passkeys are more secure than most password plus two-factor authentication solutions, and developers can easily implement support for logins via passkeys.

At the current time, passkeys only work with Apple devices, so Apple is talking to partners at FIDO and the World Wide Web Consortium about a wider solution that would allow users to eliminate passwords across non-Apple devices as well.

Passkeys in iOS 15 and macOS Monterey are designed for testing and are not for production accounts as Apple tests the feature. Apple is allowing developers to test passkeys as part of a multiyear effort to replace passwords.
The emphasis of this preview is the authentication technology, an iCloud Keychain-backed WebAuthn implementation. An industry-wide transition away from passwords will need thoughtful and consistently applied design patterns, which are not part of this preview.
Passkeys can be seen in greater detail in Apple's full WWDC session "Move beyond passwords."

Article Link: Apple Aiming to Eliminate Passwords With Face ID/Touch ID Passkeys
 
I love the idea of touch/face ID replacing all my passwords. But the fact that I still have to enter a 4/6 digit simple password to get into my iPhone every week or two concerns me. Why aren't these features good enough to remove the simple passcode on our own devices?
 
The feature should integrate with the password manager I use - I don't like iCloud Keychain (my passwords / passkeys will never make it to the cloud)!
 
The problem is those 3% of times I'm on a non-Apple device and I bet this is a pain, especially logging in with my Apple ID and the subsequent 2-factor code.
 
Sounds like a great idea, but what happens outside of the Apple ecosystem? For example logging into an account from an employer’s Windows machine or if (heaven forbid) a user leaves Apple’s world?
 
Is this any different from a user just setting a longer, more complicated password when making their account? When I'm making an account for a new site, I can have iCloud Keychain generate a complicated password and store it. This sounds like the same thing, but with a "WebAuthn credential" instead of a complicated password.

If it's different, can someone explain how?
 
Guess what? You try to log in to a website on a friend’s laptop and only find out she uses Windows ;)
 
Would be nice if every website just asked your iPhone for confirmation it's you. No passwords ever again.
 
Along with 2FA, this is great stuff.

However, I wish Apple would make an app for managing passwords, credit cards, and passkeys. Burying them in the Settings app (or Safari Passwords Preferences or awful Keychain Access utility in macOS) is just not scalable.
 
Is this any different from a user just setting a longer, more complicated password when making their account? When I'm making an account for a new site, I can have iCloud Keychain generate a complicated password and store it. This sounds like the same thing, but with a "WebAuthn credential" instead of a complicated password.

If it's different, can someone explain how?
Yes, it's different. It's like how SSH keys are handled. Your actual key is never sent to the remote site, so even if that site is somehow compromised, they won't get your key.

The "paint" analogy is my favorite:
 
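The SSH-key comparison in the reply above, sketched as an added example (not part of the original thread and not Apple's code): a simplified WebAuthn-style login in Node.js where the site stores only a public key and the device signs a fresh challenge bound to the site's origin. `example.com`, the user name and all function names are constructed for illustration; attestation, CBOR key encoding and the signature-counter check are left out.

```javascript
// Added illustration: simplified WebAuthn-style login, not Apple's implementation.
const crypto = require('node:crypto');
const RP_ID = 'example.com';           // constructed relying-party ID
const ORIGIN = 'https://example.com';  // constructed origin the site expects
const sha256 = (data) => crypto.createHash('sha256').update(data).digest();

// Device: generate the key pair; only the public half ever leaves the device.
function createPasskey() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  return { privateKey, publicKeyPem: publicKey.export({ type: 'spki', format: 'pem' }) };
}

// Device: sign authenticatorData || SHA-256(clientDataJSON) for the page's origin.
function signAssertion(privateKey, challenge, origin) {
  const clientDataJSON = Buffer.from(JSON.stringify(
    { type: 'webauthn.get', challenge: challenge.toString('base64url'), origin }));
  const rpIdHash = sha256(new URL(origin).hostname);
  // 32-byte RP ID hash, flags byte 0x05 (user present + user verified), counter 0
  const authData = Buffer.concat([rpIdHash, Buffer.from([0x05]), Buffer.alloc(4)]);
  const signed = Buffer.concat([authData, sha256(clientDataJSON)]);
  return { clientDataJSON, authData, signature: crypto.sign('sha256', signed, privateKey) };
}

// Site: check challenge, origin and RP ID, then the signature against the stored public key.
function verifyAssertion(publicKeyPem, expectedChallenge, a) {
  const client = JSON.parse(a.clientDataJSON.toString());
  if (client.type !== 'webauthn.get') return false;
  if (client.challenge !== expectedChallenge.toString('base64url')) return false; // stale
  if (client.origin !== ORIGIN) return false;                  // signed for another site
  if (!a.authData.subarray(0, 32).equals(sha256(RP_ID))) return false;
  const signed = Buffer.concat([a.authData, sha256(a.clientDataJSON)]);
  return crypto.verify('sha256', signed, publicKeyPem, a.signature);
}

function demo() {
  const device = createPasskey();
  const serverRecord = { user: 'alice', publicKeyPem: device.publicKeyPem }; // all the site stores
  const c1 = crypto.randomBytes(32), c2 = crypto.randomBytes(32);
  const login = signAssertion(device.privateKey, c1, ORIGIN);
  const elsewhere = signAssertion(device.privateKey, c1, 'https://example.net');
  return {
    validLogin: verifyAssertion(serverRecord.publicKeyPem, c1, login),
    reusedOnNewChallenge: verifyAssertion(serverRecord.publicKeyPem, c2, login),
    signedForOtherOrigin: verifyAssertion(serverRecord.publicKeyPem, c1, elsewhere),
    serverHoldsPrivateKey: JSON.stringify(serverRecord).includes('PRIVATE KEY'),
  };
}
console.log(demo());
```

Unlike a generated password, nothing in `serverRecord` can be used to log in, and an assertion is only good for the one challenge and origin it was signed for.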
So... if you create an account for something on an Apple device you will be unable to use it on something non-Apple?

Vendor lock-in, anyone?
 