Passkey: Apple’s solution to end passwords


In line with the adoption of the FIDO standard, for passwordless authentication, Apple recently unveiled its new feature called Passkeys. A biometrics-based digital key system, coming this fall with the next updates of iOS 16, iPadOS 16 and macOS Ventura.

Are you too tired of having to create new passwords, getting longer and more complicated, knowing full well that you will forget them soon? Well, rejoice, this ordeal will soon end! As we announced last May, the digital giants Apple, Google and Microsoft have joined forces to prepare us for a password-less future. The three American companies, which alone manage the most important software and browsers in the world (iOS, macOS, Android and Windows on the one hand, Safari, Chrome and Edge on the other), have jointly committed to adopting support for the new FIDO standard. . A new Internet authentication standard, designed to be both more secure and simpler, FIDO stands for Fast identity online (or “Quick online identification”, in French).

We remind you that this new passwordless system plans to rely entirely on our precious smartphones. It is they who will act as a kind of virtual key, communicating directly via encryption with the sites or applications to allow access to our various online accounts. Even when we consult them from a computer, all we have to do is unlock our mobile device to connect, a bit like it already exists with two-factor authentication, but faster and more secure. And now we know a little more about what this new FIDO standard holds for us, very promising on paper, as Apple recently explained how this new system would work on its devices.

After giving a first taste of it in its traditional conference dedicated to developers, WWDC 2022, the Apple brand was able to further present its solution called Passkeys at the beginning of this month of August, in an interview with Tom’s guide. Specifically, two Apple representatives (Kurt Night, senior director of product marketing for the platform, and Darin Adler, vice president of Internet technologies) answered the specialized site’s questions about these new digital “access keys”. Which, it is learned, will arrive next fall via the iOS 16 (for iPhone), iPadOS 16 (for iPad) and macOS Ventura (for Mac) updates.

When Face ID and Touch ID chase passwords

First of all, Tom’s guide states in its report that Passkeys promises to be one of the safest solutions. On the one hand, because it is a virtual key stored locally on the device, and not on a server subject to hacker attacks. And on the other hand because it is completely insensitive to phishing attempts, knowing that it will remain secret even from the eyes of the user, who in reality does not need to know it to authenticate. Then, Apple representatives announce, not without surprise, that Apple brand biometric authentication systems will ensure the correct functioning of the passkeys. It is in fact by unlocking the iPhone, using the Touch ID fingerprint reader or Face ID facial recognition, that we will access this set of virtual keys. It will therefore be virtually impossible for another individual to access it.

With Passkeys it will be possible to authenticate to an online account simply by unlocking your iPhone.
With Passkeys it will be possible to authenticate to an online account simply by unlocking your iPhone. © Apple

While passkeys will work flawlessly within the Apple ecosystem, naturally communicating from an iPhone to an iPad or Mac through end-to-end encrypted sync via the iCloud Keychain tool, what happens with devices that aren’t flanked by the bitten apple. ? While it is against nature, the Cupertino company obviously thought about the possibility that we might need to connect to an online account on a machine that hasn’t left its factories, and found a rather simple solution to this “problem”: the QR Code. Generated on the Windows computer or Android tablet, the user only has to scan it on their iPhone or iPad, then authenticate via Touch ID or Face ID to access the account on the other device.

There you have it, Apple’s solution for a passwordless future. As mentioned, the Apple brand is not the only one to have taken this path, and there is no doubt that Google will soon unveil its own quick authentication system on Android. Of course, it will then be necessary to show a little patience, the time that everything is fine-tuned and above all that the developers of websites and applications in turn adopt this new standard. But the good news is that technology is moving in the right direction.

Sources: Apple, Phonandroid, Tom’s Guide


Leave a Comment