Passwords are obsolete at Apple, at least in the long term: Instead of having to set more or less secure passwords with a high risk of compromise for accounts, passkeys are to be used in the future as part of a public-key encryption process when logging into apps, websites and services. Apple wants to significantly expand support for standard web authentication (WebAuthn), which already provides for a passwordless login.
Virtual security key instead of key hardware
With iOS 14.5, for the first time, all iOS browsers support WebAuthn and thus a passwordless login with an (external) security key. With iOS 15 and macOS 12, apps should also be able to integrate this via an interface in order to enable secure login via security key, like Apple announced at the developer conference WWDC.
A security key for managing private keys is very safe, practical and easy to use, but not every user always wants to carry around another piece of hardware that can be lost, according to Apple.
Key comparison via iCloud keychain
Similar to Android and Windows 10, the iPhone group wants to offer a virtual security key (“Platform Authenticator”) with its upcoming operating system versions, which stores the private keys or “Passkeys” in a secure form on iPhones, iPads and Macs. To make the use of the passkeys more convenient, they are integrated into Apple’s iCloud keychain and synchronized on all of the user’s devices so that they can log in to their own accounts at any time. The iCloud keyring is protected by end-to-end encryption.
Apple is currently running the functionality as a technology preview, developers can activate this in the first pre-release versions of iOS 15 and macOS 12 for test purposes – the passkeys are not yet intended for live use, according to the company.
The transition to a passwordless future will take several years, according to Apple – it is also an industry-wide effort of which one is only a part, according to the company. For example, it is still open how users can log into their accounts from other platforms without having to carry the keys on their own Apple hardware. Recently, at least Windows users can access their iCloud keychain with a Chrome extension. With iOS 15 and macOS 12, the iCloud keychain also has a code generator to create codes for two-factor protection yourself – and ideally to be able to insert them when you register.