Style Living Self Celebrity Geeky News and Views
In the Paper BrandedUp Hello! Create with us Privacy Policy

Bye, passwords? Apple to introduce passkeys in iOS 16 and macOS Ventura update

By NICK GARCIA Published Sep 08, 2022 6:14 pm

(left) Alim Yakubov/Shutterstock, (right) screenshot from Apple website

Amid constant cybersecurity threats, California-based tech giant Apple is introducing a new security feature on its operating systems update: passkey.

Once iOS 16 (Sept. 12) and macOS Ventura (October) go live, users may strengthen their online accounts using a passkey, a unique cryptographic key pair generated by the device itself for every account.

It doesn't need to be typed or memorized like the normal password consisting of alphanumeric characters—which can be compromised due to human error or data breach.

In a video demo during Apple's Far Out event on Sept. 7 (Sept 8 Manila time), Garrett Davidson, an engineer on Apple's authentication experience team, explained in a video demo that one key is public, stored on Apple's servers, while the other is a private key that only exists in the device.

When signing in using a passkey, Davidson said the website or app's server sends a "challenge" to the device. The device, then, "responds" to the challenge with its private key, during which the user may be able to log in.

During the typical password log-in process, one will be asked to "save a passkey" for their account. Once they do so, they'll be prompted to authenticate the action through fingerprint (Touch ID) or facial recognition (Face ID), or other means of verification.

Upon creation, the passkey would be stored in Apple's management system, iCloud Keychain, which will sync and work across all devices running macOS Ventura and iOS 16.

"It's single tap to use. And the system will take care of only letting me use it in the correct app or website," Davidson said.

If logging in on another device, like a friend's computer, a message shows that one should use their phone to scan a QR code.

The QR code allows one's phone and the browser to securely connect to each other—through a local key agreement in an end-to-end encrypted communication channel—and the logging in process becomes successful.

Passkeys may also be shared with other nearby Apple users via the file transfer service AirDrop.

Apple's passkey technology uses the standards from California-based FIDO (Fast Identity Online) Alliance, which aims to develop and promote authentication standards that "help reduce the world’s over-reliance on passwords."

Other tech players like Google and Microsoft are also mulling over implementing the technology soon.

"All of us know we're supposed to create strong, unique passwords for every account," Davidson said. "But not many people actually do."

"Not only is the user experience better than a password, but also entire categories of security problems...like credential leaks and phishing are just not possible anymore," he added.

TAGS: Apple Cybersecurity passkey

About the author

NICK GARCIA

Nick writes about politics, law, health, entertainment, and pop culture, among others. Outside work, he's a wannabe musician and cook. Email him at [email protected].