We've been promised a safer, password-free future for years. But it seems that 2022 will really be the year when millions of people stop using passwords. Apple announced Passkeys at WWDC 2022. This means that passwordless logins will be available for Macs, iPhones and iPads with the next update of the operating system in autumn. With "Passkeys" on iOS 16 and macOS Ventura, you will no longer need passwords to log into websites and apps. This is the first significant real-world shift towards password elimination.
Passkeys allow you to verify who you are when you log in to a website again. You can use your biometrics instead of typing in a password or having your password manager enter it. Signing in to a website from a Mac will display a prompt on your iPhone/iPad to confirm your identity. Apple claims that its Passkeys can be synced across all your devices with iCloud's Keychain. The Passkeys are stored on the devices and not on servers. Apple's Passkeys, which are based on the Web Authentication API (WebAuthn), are end-to-end encrypted. To prove that you are who you claim to be, the system for creating Passkeys uses public/private key authentication.
For most people, a passwordless system is a major step forward in online security. Not only does it eliminate guessable passwords, but it also reduces the chance of successful phishing attacks. Passwords cannot be stolen in data breaches if there is no password in the first place. Some apps and websites already allow users to log in with their fingerprints or face recognition. However, these accounts usually require that you create an account with a password first.
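The public/private key sign-in described above, and why it resists phishing and data breaches, as an added example. This is not Apple's or FIDO's code and it is a simplified model, not the real WebAuthn message format; `shop.example`, `alice` and all function names are assumptions.

```javascript
// Simplified model of a passkey sign-in; NOT the real WebAuthn message format.
// All names (shop.example, alice, the function names) are assumptions.
const { generateKeyPairSync, randomBytes, sign, verify } = require('crypto');

// Registration: the device makes a key pair; only the public key is sent out.
function registerPasskey(server, user) {
  const { publicKey, privateKey } = generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
  server.users.set(user, publicKey); // all the website stores: nothing secret
  return { privateKey };             // stays on the user's devices
}

// The website issues a fresh random challenge for every sign-in attempt.
function newChallenge(server, user) {
  const challenge = randomBytes(32).toString('hex');
  server.pending.set(user, challenge);
  return challenge;
}

// The device signs the challenge plus the origin the browser is really on.
function signIn(passkey, challenge, browserOrigin) {
  const clientData = JSON.stringify({ challenge, origin: browserOrigin });
  const signature = sign('sha256', Buffer.from(clientData), passkey.privateKey);
  return { clientData, signature };
}

// The website checks challenge, origin and signature against the public key.
function verifySignIn(server, user, response) {
  const expected = server.pending.get(user);
  server.pending.delete(user); // a challenge is valid once only
  const publicKey = server.users.get(user);
  if (!expected || !publicKey) return false;
  const { challenge, origin } = JSON.parse(response.clientData);
  if (challenge !== expected || origin !== server.origin) return false;
  return verify('sha256', Buffer.from(response.clientData), publicKey, response.signature);
}

function demo() {
  const server = { origin: 'https://shop.example', users: new Map(), pending: new Map() };
  const passkey = registerPasskey(server, 'alice');
  const genuine = signIn(passkey, newChallenge(server, 'alice'), server.origin);
  const ok = verifySignIn(server, 'alice', genuine);       // true
  const replayed = verifySignIn(server, 'alice', genuine); // false: challenge used up
  // Constructed look-alike origin: the signature names it, so the real site refuses.
  const relayed = signIn(passkey, newChallenge(server, 'alice'), 'https://shop.example.lookalike.test');
  const phished = verifySignIn(server, 'alice', relayed);  // false: wrong origin
  return { ok, replayed, phished };
}

console.log(demo());
```

The server's `users` map holds only public keys, so a breach of it yields nothing that can be used to sign in.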
Apple's Passkeys were first presented at last year's WWDC and tested thereafter. Apple is not the only company that wants to get rid of passwords. For almost a decade, the FIDO Alliance has been developing the underlying standards required to eliminate passwords. Apple's Passkeys are an implementation of these standards.
FIDO has taken a number of steps in recent months to bring the end of the password closer to reality. FIDO revealed in March that it had found a way to store cryptographic keys that sync between devices. They called them "multi-device FIDO credentials", or "passkeys."
In May, Apple, Microsoft and Google declared their support for the FIDO standards. Jen Easterly, director of the US Cybersecurity and Infrastructure Security Agency, said that the adoption of these standards would make it safer to be online. The three tech giants stated that they would begin rolling out the technology "over time" in the next year. Microsoft account holders have been able to delete their passwords since September last year. Google has been working on passwordless technology for its users since 2008.
Once all tech companies have released their versions of passkeys, it should be possible for this system to work across devices. In theory, you could use an iPhone to log in to a Windows laptop, or use an Android tablet to log in through the Microsoft Edge browser. Andrew Shikiar, executive director of the FIDO Alliance, says that all of FIDO's specifications have been created collaboratively with input from industry. Shikiar confirms Apple was the first company to roll out passkey-style technology, and states that this is a sign of "how tangible this approach" is for consumers around the world.
If this works out in reality, it is the key to a passwordless future. But there are still unanswered questions about what happens to your Passkeys if you decide to leave Apple's ecosystem in favor of Android or another platform. Also, developers still have to make changes to their websites and apps in order to use Passkeys. And people need to understand how any system works in order to trust it.
Although Apple's Passkeys and the equivalents from Google and Microsoft may be months away (at least), this doesn't mean that you should continue to use weak passwords. No matter if you're using a password for a temporary account to purchase DIY supplies, or for your Facebook account, it should be strong and unique. You should not use common phrases, names of pets or friends, or any personal information that is linked to you in your passwords.
For the time being, your passwords should be strong and long, and a password manager is the best way to achieve this. It can help you create and store stronger passwords. And while you are thinking about security, enable multi-factor authentication on as many accounts as possible, because it will take a while before the passwordless future arrives.
To speed things up, you should ask your online service providers to start implementing passwordless systems. Be it online shops or streaming services: ask them about passwordless logins. The earlier they start working on it, the earlier you get rid of your passwords.
Photo by Miguel Á. Padriñán from Pexels