On the first day of the World-Wide Developers Conference (WWDC) 2022, Apple announced Passkeys. The company said access keys replace passwords for logging into websites and apps. Not just a replacement, but they are faster, secure and much easier to use. One of the main advantages of Passkeys is that they are not prone to phishing type passwords. Apple designed Passkeys to work on all of its devices, including non-Apple devices in physical proximity.
Passkeys are built on the WebAuthentication standard using public key cryptography. When the user registers an account, the Apple device’s operating system creates a unique cryptographic pair to be associated with an account for the website or app. One of the keys will be stored on a private server while the other will be public and not secret at all. However, to log in to the account, a private key will be required. Additionally, Apple has ensured that the private key is never learned by the server.
Apple uses Face ID and Touch ID for passkeys
Apple devices that support Face ID or Touch ID or both can be used to authorize the use of Passkey. The device’s security system can serve as a means of authenticating the user to the website or application. Apple said the server doesn’t need to protect the public key.
The advantage of being in an ecosystem of Apple products is that iCloud can help synchronize the experience and activities between multiple devices. Passkeys were designed by Apple to take advantage of iCloud Keychain for syncing across a user’s multiple devices. This means that users can authenticate login on multiple devices using the same password if their iCloud ID is active on them.
Apple not only ensures that its users have a safe experience, but also creates an ecosystem lock that would like users to stick with Apple products.