Passwords have been around long enough that it’s a ubiquitous element to securing things just about anywhere. But while there are always strides to make them as secure as possible, there’s always that chance it won’t be enough. Which is why companies like Apple and many others are working on new ways to go beyond the password.
That continues with a recent developer session held during this year’s Worldwide Developers Conference. This one was entitled “Move beyond passwords,” and it was first noticed by CNET. The goal is to, well, move beyond passwords and embrace a new reality. In this case, “passkeys” that are authenticated by the biometric security measures Face ID and/or Touch ID.
Garrett Davidson is an engineer at Apple and hosted the latest session detailing one of Apple’s many new security-focused endeavors with iOS 15 (and its other platforms). The new feature in this case is called “passkeys in iCloud Keychain” and it’s avaialble for iOS 15 and macOS 12 Monterey.
With passkeys in iCloud Keychain, the feature will automatically generate a new WebAuthn credential, which is the passkey. That’s stored in iCloud, and accessible via a single tap log-in prompt. This passkey is generated instead of a password, and it’s made upon account creation.
The adoption on the part of the end user is the fact they’ll be effectively not creating a password for a log-in on a service or site or app. That may be a tough pill to swallow for some customers — even if the new passkey is stored, and encrypted, in iCloud — and requires Face ID or Touch ID to authenticate. With the device handling the authentication aspect on the site, service, or app directly, a password isn’t required. The passkey takes care of that.
Per the intro for the developer session:
Despite their prevalence, passwords inherently come with challenges that make them poorly suited to securing someone’s online accounts. Learn more about the challenges passwords pose to modern security and how to move beyond them. Explore the next frontier in account security with secure-by-design, public-key-based credentials that use the Web Authentication standard. Discover in this technology preview how Apple is approaching this standard in iOS 15 and macOS Monterey.
The good news is that developing this tool appears to be relatively easy. So, if developers want to offer up a bit more security while logging in for their users, this is one option to do that.
What do you think of this idea? Would you be willing to scrap your password(s) for a passkey that you never really know?