“…Apple framed Passkeys as the result of its collaboration with the FIDO Alliance, the cross-industry consortium dedicated to promoting the development and proliferation of post-password security standards and solutions.”
At its 2022 Worldwide Developers Conference this week, Apple has unveiled a new password management feature that the company says is unphishable.
Dubbed “Passkeys”, the new solution is designed to create a unique digital code for each online account that the user visits using Apple’s Safari browser. The code is stored on the user’s device, and can only be unlocked using Touch ID or Face ID, the iPhone’s pioneering biometric authentication mechanisms.
That doesn’t mean a user can only access their online accounts using one particular device. Apple’s Passkeys are designed to sync across all of a user’s Apple devices, with the iPhone acting as a kind of security key to enable biometric login whenever an online account is accessed through another device.
In announcing the new solution, Apple framed Passkeys as the result of its collaboration with the FIDO Alliance, the cross-industry consortium dedicated to promoting the development and proliferation of post-password security standards and solutions. In May, the FIDO Alliance and the World Wide Web Consortium announced that they were working with Apple, Google, and Microsoft to develop passwordless login standards that would operate across the tech giants’ various browsers operating systems.
Apple’s Passkeys appear to be a tentative step in that direction. They do bypass the need for password-based security while simultaneously offering what appears to be an even stronger form of authentication; but at the moment their functionality appears to be restricted to Apple’s own ecosystem.
That’s very much in keeping with Apple’s reputation as something of an autocrat – or perhaps a philosopher king, if you’re fan – in rigidly controlling its own device and software ecosystem. But last month’s announcement from FIDO and W3C indicated that the tech giants planned to unfurl their collaboration gradually, over the course of the coming year, so there is still plenty of time for the emergence of interoperability.
In any case, the Passkeys themselves will be welcomed by many users and security experts as an important security advancement for Apple device owners. Perhaps more importantly, they could help to inform security efforts on the part of other tech companies – including Microsoft and Google – given Apple’s history as a trendsetter. The company’s launch of Touch ID in 2013 helped to catalyze the mobile biometrics revolution, and its launch of Face ID in 2017 set off a wave of copycat efforts that helped to make selfie-based authentication a leading approach to mobile security.
Sources: Help Net Security, CNET, Engadget