Become a MacRumors Supporter for $25/year with no ads, private forums, and more!

MacRumors

macrumors bot
Original poster
Apr 12, 2001
56,970
19,812


Apple is developing a new passkey feature that will allow customers to use Face ID and Touch ID-based account authentication in lieu of a password, Apple engineer Garrett Davidson explained today in a WWDC developer session (via CNET).

apple-passkey.jpg

"Passkeys in iCloud Keychain," a feature in iOS 15 and macOS Monterey, stores a new WebAuthn credential called a passkey in iCloud keychain. It's used instead of a password for account creation and login, with one-tap login.

When you create an account using a passkey, there is no password to deal with. You can access that account with just a login and authentication through Touch ID or Face ID.

No password is required because your Apple device handles the generation and storage of the unique passkey used for the site, so login is just a matter of entering a username and authenticating. Passkeys are end-to-end encrypted and synced across all of your Apple devices thanks to iCloud Keychain. Since everything is stored in iCloud Keychain, credentials are preserved even if Apple devices are lost or stolen.

Passkeys are more secure than most password plus two-factor authentication solutions, and developers can easily implement support for logins via passkeys.

At the current time, passkeys only work with Apple devices, so Apple is talking to partners at FIDO and the World Wide Web Consortium about a wider solution that would allow users to eliminate passwords across non-Apple devices as well.

Passkeys in iOS 15 and macOS Monterey are designed for testing and are not for production accounts as Apple tests the feature. Apple is allowing developers to test passkeys as part of a multiyear effort to replace passwords.
The emphasis of this preview is the authentication technology, an iCloud Keychain-backed WebAuthn implementation. An industry-wide transition away from passwords will need thoughtful and consistently applied design patterns, which are not part of this preview.
Passkeys can be seen in greater detail in Apple's full WWDC session "Move beyond passwords."

Article Link: Apple Aiming to Eliminate Passwords With Face ID/Touch ID Passkeys
 
  • Love
Reactions: SurferPup

NinjaHERO

macrumors 6502a
Aug 29, 2008
951
1,153
U S of A
I love the idea of touch/face ID replacing all my passwords. But the fact that I still have to enter a 4/6 digit simple password to get into my Iphone every week or two concerns me. Why aren't these features good enough to remove the simple passcode on our own devices?
 

So@So@So

macrumors member
Sep 26, 2019
70
251
The feature should integrate with the password manager I use - I don't like iCloud Keychain (my passwords / passkeys will never make it to the cloud) !
 

aforty

macrumors 65816
Nov 27, 2007
1,443
708
Brooklyn, NY
The problem is those 3% of times I'm on a non-Apple device and I bet this is a pain, especially logging in with my Apple ID and the subsequent 2-factor code.
 

Moccasin

macrumors 65816
Mar 21, 2011
1,003
211
Newcastle, UK
Sounds like a great idea, but what happens outside of the Apple ecosystem? For example logging into an account from an employer’s Windows machine or if (heaven forbid) a user leaves Apple’s world?
 
  • Like
Reactions: decypher44

RedTheReader

macrumors 6502
Nov 18, 2019
319
727
Is this any different from a user just setting a longer, more complicated password when making their account? When I'm making an account for a new site, I can have iCloud Keychain generate a complicated password and store it. This sounds like the same thing, but with a "WebAuthn credential" instead of a complicated password.

If it's different, can someone explain how?
 

itti

macrumors member
Oct 29, 2019
34
25
Guess what? You try to log in a website on a friend’s laptop and only find out she uses windows;)
 

chandler55

macrumors newbie
Jul 14, 2008
18
9
would be nice if every website just asked your iphone for confirmaiton its you. no passwords ever again
 

nutmac

macrumors 603
Mar 30, 2004
5,566
5,793
Along with 2FA, this is a great stuff.

However, I wish Apple would make an app for managing passwords, credit cards, and passkeys. Burying them in the Settings app (or Safari Passwords Preferences or awful Keychain Access utility in macOS) is just not scalable.
 

lowbatteries

macrumors regular
Mar 21, 2008
231
23
Is this any different from a user just setting a longer, more complicated password when making their account? When I'm making an account for a new site, I can have iCloud Keychain generate a complicated password and store it. This sounds like the same thing, but with a "WebAuthn credential" instead of a complicated password.

If it's different, can someone explain how?
Yes, it's different. It's like how SSH keys are handled. Your actual key is never sent to the remote site, so even if that site is somehow compromised, they won't get your key.

The "paint" analogy is my favorite:
 

nottorp

macrumors regular
May 12, 2014
194
213
Romania
So... if you create an account for something on an Apple device you will be unable to use it on something non Apple?

Vendor lock in anyone?
 
  • Like
Reactions: chris1958
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.