Yeah, I would probably dump 1Password after being a user since they started. Not crazy about their subscription model, funding which will have to lead to a wider income producing model. Not feeling trust with them anymore.

However 1Password works across my PC and Mac seamlessly and that is something Apple Password is just starting to do…
 
The biggest problem with Apple is the failure to stop people changing associated email and security details if the passcode is compromised. It’s becoming more common that criminals demand the passcode when taking a phone, which effectively opens the door to the whole of your files, iCloud emails, keychain passwords and photos if you are in the Apple ecosystem.

Want to log in but Face ID doesn’t recognise you? No problem, just type in the passcode. Need to change your Apple password? No problem, just type in the passcode.

This is a big problem if you’re travelling, you’d be locked out of everything if you had no Apple device, whilst whoever has your phone is having fun with all of the passwords.

You can try and use screen time to lock changes to account details, but you can still just go to appleID.Apple.com and the phone conveniently logs you in without an issue.

Much better is to use 1Password which keeps your passwords protected in a separate system which cannot be compromised in the same way since it either uses biometric or the 1Password password, and not an all access passcode.

I love the convenience of having everything in one place but it presents some massive security issues.

If Apple actually forced the use of the master password when doing account changes that would help immensely.
 
No more 1Password for me if this looks to be secure.
Password manager + randomly generated passwords is very close to this. I figure FIDO is only doing this because it's more secure for the average user, who is not using random passwords.

Apple has been working with members of the FIDO Alliance, including Google and Microsoft, to ensure that passkeys can also be used with non-Apple devices and across platforms. On non-Apple devices, Passkeys will work through QR codes that will authenticate using the iPhone
Wait, is there a way to use these if you don't have an Apple device? Would expect an alliance standard to work equally for other platforms.
 
Exactly. Like 2FA now, this may be implemented by 5-10% of the sites/apps/services you use. The rest will continue to use passwords.
2FA is a bit different cause it's hard and expensive for other sites to implement, plus they can never do as good a job as Apple, Google, etc. Better for those sites to use any kind of shared secret and for the user's keystore to keep it safe with its own 2FA.

Of course some sites do 2FA anyway because it's expected that many users just punch in weak passwords.
 
No more 1Password for me if this looks to be secure.
It will support 1Password, which already has the same kind of system implemented in 1Password 8. I'm using it currently. And both Monterey and iOS 15 already support 1Password's ability to handle 2FA like Passkeys will.

I'm sticking with 1Password because of all the things it does that Keychain doesn't.

Right now I also use Keychain as well, but I'm planning on transitioning to all 1Password. Not because Keychain isn't reliable. It most certainly is. It's just 1Password does a better job.

I thought I was going to be using Yubikeys for years to come. Apparently not for much longer. With Google, Microsoft, and Apple all pressing this, it will be spread much faster to way more sites than YubiKey has been able to do to convince websites to do what's right.
 
I thought I was going to be using Yubikeys for years to come. Apparently not for much longer. With Google, Microsoft, and Apple all pressing this, it will be spread much faster to way more sites than YubiKey has been able to do to convince websites to do what's right.
We use YubiKeys at work, and while it makes sense there, I could never see them catching on for regular users. Passkey is the right move.
 
How to use iPhone Face ID to unlock Mac Studio with Monterey or Ventura? Passkeys will be able to do that?
 
No. It's an insanely good idea. If it works as conveniently as Apple Sign In which I'm using everywhere I'm able to then I'm all in. You're welcome to waste your time micro-managing stuffs. My time is too precious for that.
Your funeral if you hose your iCloud account.
 
We use YubiKeys at work, and while it makes sense there, I could never see them catching on for regular users. Passkey is the right move.
I use YubiKeys as well. This is the correct solution.

The whole 2FA token built into iCloud Keychain is stupid as well. All factors on the same physical device is completely and utterly wrong.
 
Screw them.

This is by FAR the most secure authentication method. I wouldn’t be surprised if this is the standard going forward for all our systems
We already have this. But more secure as it’s actually your ID backed with banking security and verification
 
No I actually know how it works. Apple doesn’t lock you out of your iPhone. Never has never will. I guarantee if you get banned from iCloud you still can access your iPhone and stored keys.

At worst, a website will be a pain and not let you migrate to a password. I acknowledge that could be a problem. You’ll have to make a new account in that case.

I’m outside of my bubble already. I will take the risk. Haven’t been banned randomly and no one I know ever has been. Using a gift card wrong in this case must mean you bought a stolen or scammed card and redeemed it. Sucks for you I guess. Don’t use bootleg sources for gift cards.

I'm wondering if you have Find My activated and then you get locked out of iCloud by Apple how can you deactivate it? If it can't be deactivated then the device can't be reset or sold unless you remove it from your iCloud list of devices and deactivate Find My.
 
No, it's not. Then why try to create an open standard by force on people who DO NOT want such standard? For instance, an EU citizen who bought an iPhone knowingly and with intent of staying within the walled garden now has to deal with the EU arbitrary rules of "open" OS, when that specific consumer does not want it.
A lot of assumptions with no data backing it up. EU citizens have voted for the politicians, the parties, coalitions and heads of states supporting the gatekeeping clause used in DMA. It has nothing to do with “open OS” or standards. It’s anti-competition laws.
So yeah, the EU does it just to spite non-EU companies. However, they are content with accepting any BS reason EU companies come up with.
The EU treats companies the same. It’s almost like you seriously believe the EU never sues or drags big EU firms to court or implements the same standards for everyone.

The EU does not accept any ******** from any company. Just because you’re big doesn’t give you some new rights, only more obligations.
 
iCloud Keychain? No thank you. The system is too buggy to be seriously relied upon. Keychain has 5 different passwords for one of my Apple ID accounts, none of them are correct. I was locked out of my Apple ID for 2 months because AppleCare wasn't allowed to tell me which of my devices was pinging the account and aborting the recovery. It was an absolutely awful experience. There was a reason Steve Jobs fired the MobileMe leadership. Apparently Tim needs to follow that example and clean house within the iCloud team as well.
 
iCloud Keychain? No thank you. The system is too buggy to be seriously relied upon. Keychain has 5 different passwords for one of my Apple ID accounts, none of them are correct. I was locked out of my Apple ID for 2 months because AppleCare wasn't allowed to tell me which of my devices was pinging the account and aborting the recovery. It was an absolutely awful experience. There was a reason Steve Jobs fired the MobileMe leadership. Apparently Tim needs to follow that example and clean house within the iCloud team as well.
A normal password
 
So even if somebody loses all his Apple devices, Apple still has a copy of the passkeys on their servers? Could they in theory give those passkeys to the FBI if they are forced to by one of those "secret courts"? If they can recover those passkeys without any private key that is stored on my devices, would they technically still need the user to give his permission to do that?

Also if Apple really works with the FIDO Alliance, why do you still need an iPhone to use Passkey on a Windows or Android device? Doesn't that go against the principles of the FIDO Alliance?
 
iCloud Keychain? No thank you. The system is too buggy to be seriously relied upon. Keychain has 5 different passwords for one of my Apple ID accounts, none of them are correct. I was locked out of my Apple ID for 2 months because AppleCare wasn't allowed to tell me which of my devices was pinging the account and aborting the recovery. It was an absolutely awful experience. There was a reason Steve Jobs fired the MobileMe leadership. Apparently Tim needs to follow that example and clean house within the iCloud team as well.
I think I'm not understanding why you wouldn't remove the invalid entries?
 