MacRumors

macrumors bot
Original poster
Apr 12, 2001
53,023
14,770


Apple is developing a new passkey feature that will allow customers to use Face ID and Touch ID-based account authentication in lieu of a password, Apple engineer Garrett Davidson explained today in a WWDC developer session (via CNET).

apple-passkey.jpg

"Passkeys in iCloud Keychain," a feature in iOS 15 and macOS Monterey, stores a new WebAuthn credential called a passkey in iCloud keychain. It's used instead of a password for account creation and login, with one-tap login.

When you create an account using a passkey, there is no password to deal with. You can access that account with just a login and authentication through Touch ID or Face ID.

No password is required because your Apple device handles the generation and storage of the unique passkey used for the site, so login is just a matter of entering a username and authenticating. Passkeys are end-to-end encrypted and synced across all of your Apple devices thanks to iCloud Keychain. Since everything is stored in iCloud Keychain, credentials are preserved even if Apple devices are lost or stolen.

Passkeys are more secure than most password plus two-factor authentication solutions, and developers can easily implement support for logins via passkeys.

At the current time, passkeys only work with Apple devices, so Apple is talking to partners at FIDO and the World Wide Web Consortium about a wider solution that would allow users to eliminate passwords across non-Apple devices as well.

Passkeys in iOS 15 and macOS Monterey are designed for testing and are not for production accounts as Apple tests the feature. Apple is allowing developers to test passkeys as part of a multiyear effort to replace passwords.
The emphasis of this preview is the authentication technology, an iCloud Keychain-backed WebAuthn implementation. An industry-wide transition away from passwords will need thoughtful and consistently applied design patterns, which are not part of this preview.
Passkeys can be seen in greater detail in Apple's full WWDC session "Move beyond passwords."

Article Link: Apple Aiming to Eliminate Passwords With Face ID/Touch ID Passkeys
 
  • Love
Reactions: SurferPup

NinjaHERO

macrumors 6502a
Aug 29, 2008
938
1,126
U S of A
I love the idea of touch/face ID replacing all my passwords. But the fact that I still have to enter a 4/6 digit simple password to get into my Iphone every week or two concerns me. Why aren't these features good enough to remove the simple passcode on our own devices?
 
Comment

So@So@So

macrumors newbie
Sep 26, 2019
13
17
The feature should integrate with the password manager I use - I don't like iCloud Keychain (my passwords / passkeys will never make it to the cloud) !
 
Comment

aforty

macrumors 65816
Nov 27, 2007
1,399
487
Brooklyn, NY
The problem is those 3% of times I'm on a non-Apple device and I bet this is a pain, especially logging in with my Apple ID and the subsequent 2-factor code.
 
Comment

Moccasin

macrumors 65816
Mar 21, 2011
1,002
210
Newcastle, UK
Sounds like a great idea, but what happens outside of the Apple ecosystem? For example logging into an account from an employer’s Windows machine or if (heaven forbid) a user leaves Apple’s world?
 
  • Like
Reactions: decypher44
Comment

RedTheReader

macrumors regular
Nov 18, 2019
204
403
Is this any different from a user just setting a longer, more complicated password when making their account? When I'm making an account for a new site, I can have iCloud Keychain generate a complicated password and store it. This sounds like the same thing, but with a "WebAuthn credential" instead of a complicated password.

If it's different, can someone explain how?
 
Comment

itti

macrumors newbie
Oct 29, 2019
11
1
Guess what? You try to log in a website on a friend’s laptop and only find out she uses windows;)
 
Comment

chandler55

macrumors newbie
Jul 14, 2008
15
9
would be nice if every website just asked your iphone for confirmaiton its you. no passwords ever again
 
Comment

nutmac

macrumors 603
Mar 30, 2004
5,131
4,422
Along with 2FA, this is a great stuff.

However, I wish Apple would make an app for managing passwords, credit cards, and passkeys. Burying them in the Settings app (or Safari Passwords Preferences or awful Keychain Access utility in macOS) is just not scalable.
 
Comment

lowbatteries

macrumors regular
Mar 21, 2008
222
12
Is this any different from a user just setting a longer, more complicated password when making their account? When I'm making an account for a new site, I can have iCloud Keychain generate a complicated password and store it. This sounds like the same thing, but with a "WebAuthn credential" instead of a complicated password.

If it's different, can someone explain how?
Yes, it's different. It's like how SSH keys are handled. Your actual key is never sent to the remote site, so even if that site is somehow compromised, they won't get your key.

The "paint" analogy is my favorite:
 
Comment

nottorp

macrumors regular
May 12, 2014
144
132
Romania
So... if you create an account for something on an Apple device you will be unable to use it on something non Apple?

Vendor lock in anyone?
 
  • Like
Reactions: chris1958
Comment
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.