In a WWDC developer session, Apple engineer Garrett Davidson explained how Apple has begun testing passkeys, a feature that will allow users to use Touch ID and Face ID-based authentication in place of passwords. As part of iCloud Keychain, the feature will be available for iPhone, iPad, and Mac this fall.
iCloud passkeys to replace passwords with Touch ID/Face ID
Passkeys in iCloud Keychain, a feature in iOS 15 and macOS Monterey, are pairs of private and public keys based on the WebAuthn standard. It is used in place of a password for account creation and login. Note that Passkeys are end-to-end encrypted and will be synced across a user’s devices so they can still be recovered if a device is lost. As explained in a WWDC developer session called “Move beyond passwords.”
If we examine how passwords work today, first you enter your password. Then, it’s usually obfuscated through something like hashing plus salting, and the resulting salted hash is sent to the server.
Now, both you and the server have a copy of the secret, even though the server’s copy is obfuscated, and you’re both equally responsible for protecting that secret.
This is what we’re getting rid of. With public/private key pairs, instead of a password, your device creates a pair of keys. One of these keys is public; just as public as your username. It can be shared with anyone and everyone, and is not a secret. The other key is private. This private key is a secret and is protected by your device. Your device never shares this key with anyone else, not even the server. When you create an account, your device generates these two associated keys. It then shares the public key with the server.
Compared to traditional passwords, passkeys offer several security benefits. Developers can implement support for app logins via passkeys and all a user would have to do is use Touch ID/Face ID to authenticate their identity.
Currently, iOS 15 and macOS Monterey passkeys are available for developer testing only since Apple is extensively testing the feature to make it as seamless as possible. Currently, in beta testing, iOS 15, iPadOS 15, and macOS Monterey will be available this fall.
Read more:
- iOS 15 features new StoreKit API which allows users to request refunds directly within apps
- iOS 15 and macOS Monterey get password authenticator for two-factor authentication
- iOS 15 Accessibility features: Magnifier app, sound actions for Switch Control, explore images with VoiceOver and more
- iOS 15 features WPA3 security for hotspot connections
- iOS 15 and iPadOS 15 allow developers to access more of a device’s RAM
- Here is how Siri works offline in iOS 15
- iOS 15 allows users to update to beta release when restoring device from iCloud backups
- What is iCloud+ Private Relay in iOS 15 and macOS Monterey, and how does it work?
