What are Apple's 'Passkeys' that make passwords a thing of the past?

It is a well-known fact that passwords are no longer secure, as the media reports that passwords have been leaked or stolen on a daily basis. At the annual developer event WWDC22 on June 7, 2022, Apple unveiled a demonstration of

Passkeys , a mechanism for signing in to any service without a password using Touch ID or Face ID. ..

Apple'passkeys' could finally kill off the password for good | TechCrunch

The 'Passkeys' demonstration released by Apple can be seen from around 1 hour 19 minutes 44 seconds after the start of the following movie that summarizes the announcement of WWDC22.

WWDC 2022 --June 6 | Apple --YouTube

If you use Passkeys, enter the email address that will be your ID ...

You can sign in just by authenticating with Face ID or Touch ID.

Creating Passkeys on a site creates an electronic key that is valid only on that site. Passkeys aren't subject to phishing scams because they don't originate from your device when you sign in, and they aren't stored on the server and aren't stolen by hacking.

Passkeys are backed up in

iCloud Keychain and can be synced between Mac, iPhone, iPad and Apple TV with end-to-end encryption.

Passkeys was developed in collaboration with Google and Microsoft, which participate in the FIDO Alliance , a new authentication technology standardization body.

Therefore, if Passkeys is realized, it will be possible to sign in to websites and applications on nearby third-party devices simply by using the iPhone.

Passkeys is based on the web authentication API ' WebAuthn ', which is a standard that uses public key cryptography instead of passwords when authenticating websites and apps, and as mentioned above, data is stored on the device instead of the server. , The possibility of leakage or infringement is very low.

Also, when signing in, instead of entering the password, the QR code etc. is read by the smartphone, and the fingerprint authentication and face authentication required by the pop-up display are used for authentication, so there is no need to remember a long password.

Apple, Google, and Microsoft aim to introduce this new passwordless authentication standard to their platforms by the end of 2023. 'If Apple's demo at WWDC is true, macOS Ventura, iOS 16, and iPadOS 16 will be the first operating systems to support this new sign-in standard,' said TechCrunch, an IT news site.

in Software,   Security, Posted by log1l_ks