Ditch your iPhone password. Apple’s new iOS 16 feature is more secure

it’s part of the story focal point iphone 2022CNET’s collection of news, tips and advice about Apple’s most popular product.

What is happening

Apple’s new iPhone 14 models will come with a technology called Passkey that is designed to be as easy to use but much more as a password. It comes with iOS 16, but Google is building passkeys into its phone and browser software as well.

why it matters

Passwords have long been plagued with problems, but starting with the iPhones, tech giants have collaborated to create a workable alternative that minimizes vulnerabilities and hacking risks.

Later Apple released OS 16 on Monday and started deliver iphone 14 smartphone On Friday, you can now try Passkeys, a new login technology that promises to be more secure than passwords to protect access to websites, email and other online services.

Apple demonstrated passkey at their Worldwide Developers Conference in June and said they would come iOS 16 And macos is coming this fall. they Coming to Google’s Android And also for web browsers later this year.

Using a passkey as a password is easier, and probably easier. They replace the riot of keystrokes required for passwords with biometric checks on our phones or computers. They also block phishing attacks and remove the complexities of two-factor authentication, such as SMS codes, that are associated with password system vulnerabilities.

Once you set up a passkey for a site or app, it’s stored on the phone or personal computer you used to set it up. Services like Apple’s iCloud Keychain or Google’s Chrome Password Manager can synchronize passkeys across all your devices. Dozens of tech companies developed open standards behind passkeys in a group called FIDO AllianceWhich one? Passkey announced in May,

“Now is the time to adopt them,” said Garrett Davidson, an authentication technology engineer at Apple. WWDC talks about passkeys, “With passkeys, not only is the user experience better than with passwords, but whole categories of security – such as vulnerable and reused credentials, credential leaks and phishing – are no longer possible.”

You’ll need to spend a little time on the learning curve before Passkey reaches its full potential. You also need to decide whether Apple, Microsoft or Google is the best option for you.

Here’s a look at the technology.

What is passkey?

This is a new type of login credential that consists of a bit of digital data used by your PC or phone when logging in to a server. You approve each use of that data with an authentication step, such as fingerprint checks, face recognition, a PIN code or login swipe pattern familiar to Android phone owners.

Here’s the catch: You must have your own phone or computer with you to use Passkey. You can’t log into a passkey-protected account from a friend’s computer without your own device.

The passkey is synchronized and backed up. If you get a new Android phone or iPhone, Google and Apple can restore your passkey. With end-to-end encryption, Google and Apple cannot see or change the passkey. Apple designed its own system for keep passkey safe Even if an attacker or Apple employee has compromised your iCloud account.

How does setting a passkey work?

It’s very easy. When a website or app asks you to set a passkey, use your fingerprint, face, or any other mechanism to authenticate a passkey. That’s it.

Three-step illustration of the passkey logon process on an Android phone

These steps show how to log on with a passkey on an Android phone: Select the Passkey option, select the appropriate passkey, and authenticate with fingerprint ID. Face recognition is also an option on compatible phones.


How do I use the passkey to log in?

When using the phone, a passkey authentication option will appear when you try to log on to an app. Tap that option, use the authentication technology you chose, and you’re in.

For websites, you should see the Passkey by username field option. After that, the process is the same.

Once you have the passkey on your phone, you can use it to facilitate login on any other nearby device like your laptop. Once you’re logged in, that website may offer to create a new passkey associated with the new device.

What if I need to log into a website using someone else’s computer?

You can use the passkey stored on your phone to log in to another nearby device, such as the laptop you’re borrowing from. The login screen of the borrowed laptop will have an option to present a QR code that you can scan with your phone. You’ll use Bluetooth to make sure your phone and computer are close by, then you can use a fingerprint or Face ID check on your phone. Your phone will then communicate with the computer over a secure connection to complete the authentication process.

Why are passkeys more secure than passwords?

Passkeys use a time-tested security foundation called public key cryptography for login operations. This is the same technology that protects your credit card number when you type it into a website. The beauty of the system is that a website has to base its passkey record only on your public key, data that is designed to be openly visible. The private key used to set the passkey is stored only on your own device. There is no database of password data that a hacker can steal.

Another great benefit is that passkeys deter phishing attempts. “Passkeys are intrinsically linked to the website or app for which they were installed, so users can never be tricked into using their passkeys on the wrong website,” Ricky Mondellowho oversees authentication technology at Apple, said in a WWDC video.

Using a passkey requires that you have your device and be able to unlock it, a combination that provides the security of two-factor authentication but is less annoying than an SMS code. And with Passkey, no one can peek over your shoulder to see you type your password.

When will I see the passkey?

Passkeys have started arriving this year.

Passkeys are currently in iOS 16 and will come in iPadOS 16 And macos is coming When Apple releases that software later this fall. Google will bring passkey support to Android software For developer testing by the end of 2022, Google certification leader Mark Risher said in May. Passkey support should be coming to Chrome and Chrome OS at the same time. Microsoft plans to support Windows in 2022.

However, this is just enabling technology. Websites and apps should also be updated to support Passkey. Some developers will be eager to take advantage of the security benefits, but many will move more slowly. Even if the passkey catches on fast, don’t expect the password to disappear.

A company that has already added passkey support, a travel booking service kayak, Added passkey support This week on its app and website. Expect to see a lot more adopt it slowly.

Will websites and apps require me to use a passkey?

It is unlikely that you will be forced to use a passkey when the technology is new and unfamiliar. Websites and apps you already use will add passkey support to existing password methods as well.

A person uses the phone to scan a QR code to enable passkey login on a nearby computer

If you need to log into a friend’s computer that doesn’t have your passkey, scanning a QR code will let your phone handle the authentication process.


When you sign up for a new service, the passkey may be presented as a preferred option. Eventually, they may become the only option.

Will passkeys lock me into the Apple or Google ecosystem?

off course not. Although passkeys are tied to a company’s tech suite, you’ll be able to get out of the Apple world to use passkeys with Microsoft or Google.

“Users can sign in to the Google Chrome browser running Microsoft Windows using a passkey on an Apple device,” Vasu Jakalia Microsoft leader in security and identity technology said in a May blog post.

Apple and Google said passkey advocates are also working on technology to enable people to move their passkeys from one technical domain to another.

How are password managers connected with Passkey?

Password managers play an important role in creating, storing and synchronizing passwords. But at least in the eyes of tech giants like Google and Apple, passkeys will be tied to your phone or personal computer, not your password manager.

However this may change.

“We expect a natural evolution to an architecture that allows for third-party passkey managers to be plugged in and for portability between ecosystems,” said Google’s Risher.

They anticipate that passkeys will evolve to reduce barriers between ecosystems and to accommodate third-party passkey managers. “It’s been a topic of discussion since the very early days of this industry.”

really, Password manager Dashlane is testing passkey support And there are plans to release it widely in the coming weeks. “Users can store their passkeys for multiple sites and take advantage of the same convenience and security they already have,” the company said in an August 31 blog post.

1Password creator AgileBits has just joined the FIDO AllianceAnd Dashlane, Bitwarden and LastPass are already members,

Be the first to comment

Leave a Reply

Your email address will not be published.