Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
iOS 17 and macOS Sonoma Add Passkey Support to Your Apple ID
- Thread starter MacRumors
- Start date
- Sort by reaction score
Shirasaki
macrumors P6
Ok, passkey, nice.
except when it is unavailable. For example, one already points out windows PC login issue.
Also, things happen. What would be the backup in case passkey is lost/destroyed? Will password still be available?
Using passkey to replace password is like replacing a lock that can only have battery replaced from inside the room and no mechanical fallback, then battery dies One way while you are out.
To me, a strong password is still the cornerstone of a secured Apple ID, and it cannot be replaced by Face ID, Touch ID, or passkey. Even after all these years, Apple still doesn’t completely ditch passcode or password just because biometric seems powerful and amazing, which I think is not a bad thing.
except when it is unavailable. For example, one already points out windows PC login issue.
Also, things happen. What would be the backup in case passkey is lost/destroyed? Will password still be available?
Using passkey to replace password is like replacing a lock that can only have battery replaced from inside the room and no mechanical fallback, then battery dies One way while you are out.
To me, a strong password is still the cornerstone of a secured Apple ID, and it cannot be replaced by Face ID, Touch ID, or passkey. Even after all these years, Apple still doesn’t completely ditch passcode or password just because biometric seems powerful and amazing, which I think is not a bad thing.
Passkeys remove the biggest threat to passwords - phishing.
Do pass keys help solve the issue of your passcode being the key to your wallet/keychain? I’m fine with Touch ID and FaceID security but once someone lifts your passcode it’s game over.
I just want a guest PIN so people can get into my phone without access to the sensitive areas of the phone.
I just want a guest PIN so people can get into my phone without access to the sensitive areas of the phone.
I don't get passcode, passphrases or any of this security stuff. It strikes me that having a single password for a device which allows access to all my apps, web sites, etc actually lowers security. If someone gets my device password and can log into my device, they then have access to everything.
What am I missing here? Must be something important, because everyone is very excited about passcodes. Please explain how this is 'more secure'.
In the meantime, I will continue to use separate passwords and non email address user names, for all my apps, web sites etc.
What am I missing here? Must be something important, because everyone is very excited about passcodes. Please explain how this is 'more secure'.
In the meantime, I will continue to use separate passwords and non email address user names, for all my apps, web sites etc.
Don't use apple keychain. Use a separate password manager - at least until Apple stops using an easily guessed PIN code to unlock the keychain.
Pretty sure they're not getting rid of passwords.
Doesn't do anything to passcodes, meaning someone sees your passcode and steals your device it's the same problem as before.
We don't know how to really solve this issue without creating other issues, simply put. Like if you can't take your phone off your account without a USB security on your account, what happens if you move across the country and forgot your key for some reason, or lost it on the way? You have your devices but you can't do anything with your account now. Some people can live with this limitation, and some people can't, so it's hard to decide which way to go, and if we let people have the option then people might not understand the limitations of the system they went with.
Of course something should be done about the issue, just saying it's more complicated than just "Apple should do this once and for all!"
The way it's more secure is it's impossible to get phished, the tech simply doesn't allow it. A site could fake out Apple's site and your device will not allow any information to get into the fake site that could be used to log in to your account.
And that's passkeys, not passcodes, by the way. Passcodes are the PIN you enter to get into Apple devices. It doesn't affect passcodes to support passkeys, the issue is still there that people could "shoulder surf" and get into your device if they clearly see your passcode. Passcode security will take some careful consideration to fix, as I say above it's complicated, someone can still be negatively affected no matter what you do.
Passkeys are for online security, and not device security. They are basically equivalent to 2-factor in terms of security level, but only need to be supplied once.
Good explanation. To (somewhat) solve the passcode thief issue, what if Apple provided people a toggle option to not let FaceID fallback to passcode? We can enable it if we want higher device security.
People turn off FaceID (using the passcode). If they made it use both it could cause problems, like maybe something about your face changed (I know it sounds stupid but if you shave or something or grow a mole it could screw up FaceID, and you should get that mole checked out, lol).
Robert.Walter
macrumors 68040
Hmm if in the rare case that FaceID fails, it could ask for the full AppleID password instead?
Password is still required (at this point, at least; not sure how things will unfold in the future).
And you can use the passcode to reset your AppleID password, back to square one.
Christ, that’s true. Guess treating it like your bank PIN is the only way.
macos9rules
macrumors 6502
I never really understood the advantages of using Passkey over a regular password.
Robert.Walter
macrumors 68040
Why not just use a complex alpha numeric passcode? With TID and FID It’s not like you have to enter it very often (we use our AID as our device passcode, that way nobody forgets either one.)
Agreed. I heard that at one point in the early days, Apple used to do it that way, but people complained because FaceID would fail and it would irritate people. But now FaceID has improved quite a bit and failure is rare.
What needs to be done is the Passkey and Keychain backup to Face-ID needs to be something else besides the phone's passcode, such as maybe the Apple ID password. But of course Apple also needs to stop allowing the Apple ID password being changed by the phone's passcode.
MrRom92
macrumors 68000
Yptcn
macrumors 68020
That doesn’t make any sense. Face ID and Touch ID are by definition ways to authenticate access to the device, and on that basis are analogous to the device passcode. That is why the fallback option for biometrics is the device passcode. At no point do you ever unlock your device with your Apple ID password (and if your Apple ID password were the fallback for Face ID or Touch ID, that’d be what the shoulder surfer would know and could therefore unlock the device).
What you need to do is prevent anyone from knowing what your device passcode is.
Passkeys are absolutely more secure than passwords. They are phishing proof, aren’t transmitted online and therefore can’t be hacked, and are an automatic form of 2FA as passkeys are something you have (the trusted device) and something you are or know (Face ID, Touch ID, passcode).