it’s part of the storyCNET’s collection of news, tips and advice about Apple’s most popular product.
What is happening
Apple’s new iPhone 14 models will come with a technology called Passkey that is designed to be as easy to use but much more as a password. It comes with iOS 16, but Google is building passkeys into its phone and browser software as well.
why it matters
Passwords have long been plagued with problems, but starting with the iPhones, tech giants have collaborated to create a workable alternative that minimizes vulnerabilities and hacking risks.
Laterand started On Friday, you can now try Passkeys, a new login technology that promises to be more secure than passwords to protect access to websites, email and other online services.
Coming to Google’s Android And also for web browsers later this year.at their Worldwide Developers Conference in June and said they would come And this fall. they
Using a passkey as a password is easier, and probably easier. They replace the riot of keystrokes required for passwords with biometric checks on our phones or computers. They also block phishing attacks and remove the complexities of two-factor authentication, such as SMS codes, that are associated with password system vulnerabilities.
Once you set up a passkey for a site or app, it’s stored on the phone or personal computer you used to set it up. Services like Apple’s iCloud Keychain or Google’s Chrome Password Manager can synchronize passkeys across all your devices. Dozens of tech companies developed open standards behind passkeys in a group called FIDO AllianceWhich one? Passkey announced in May,
“Now is the time to adopt them,” said Garrett Davidson, an authentication technology engineer at Apple. WWDC talks about passkeys, “With passkeys, not only is the user experience better than with passwords, but whole categories of security – such as vulnerable and reused credentials, credential leaks and phishing – are no longer possible.”
You’ll need to spend a little time on the learning curve before Passkey reaches its full potential. You also need to decide whether Apple, Microsoft or Google is the best option for you.
Here’s a look at the technology.
What is passkey?
This is a new type of login credential that consists of a bit of digital data used by your PC or phone when logging in to a server. You approve each use of that data with an authentication step, such as fingerprint checks, face recognition, a PIN code or login swipe pattern familiar to Android phone owners.
Here’s the catch: You must have your own phone or computer with you to use Passkey. You can’t log into a passkey-protected account from a friend’s computer without your own device.
The passkey is synchronized and backed up. If you get a new Android phone or iPhone, Google and Apple can restore your passkey. With end-to-end encryption, Google and Apple cannot see or change the passkey. Apple designed its own system for keep passkey safe Even if an attacker or Apple employee has compromised your iCloud account.
How does setting a passkey work?
It’s very easy. When a website or app asks you to set a passkey, use your fingerprint, face, or any other mechanism to authenticate a passkey. That’s it.
How do I use the passkey to log in?
When using the phone, a passkey authentication option will appear when you try to log on to an app. Tap that option, use the authentication technology you chose, and you’re in.
For websites, you should see the Passkey by username field option. After that, the process is the same.
Once you have the passkey on your phone, you can use it to facilitate login on any other nearby device like your laptop. Once you’re logged in, that website may offer to create a new passkey associated with the new device.
What if I need to log into a website using someone else’s computer?
You can use the passkey stored on your phone to log in to another nearby device, such as the laptop you’re borrowing from. The login screen of the borrowed laptop will have an option to present a QR code that you can scan with your phone. You’ll use Bluetooth to make sure your phone and computer are close by, then you can use a fingerprint or Face ID check on your phone. Your phone will then communicate with the computer over a secure connection to complete the authentication process.
Why are passkeys more secure than passwords?
Passkeys use a time-tested security foundation called public key cryptography for login operations. This is the same technology that protects your credit card number when you type it into a website. The beauty of the system is that a website has to base its passkey record only on your public key, data that is designed to be openly visible. The private key used to set the passkey is stored only on your own device. There is no database of password data that a hacker can steal.
Another great benefit is that passkeys deter phishing attempts. “Passkeys are intrinsically linked to the website or app for which they were installed, so users can never be tricked into using their passkeys on the wrong website,” Ricky Mondellowho oversees authentication technology at Apple, said in a WWDC video.
Using a passkey requires that you have your device and be able to unlock it, a combination that provides the security of two-factor authentication but is less annoying than an SMS code. And with Passkey, no one can peek over your shoulder to see you type your password.
When will I see the passkey?
Passkeys have started arriving this year.
Passkeys are currently in iOS 16 and will come in Google will bring passkey support to Android software For developer testing by the end of 2022, Google certification leader Mark Risher said in May. Passkey support should be coming to Chrome and Chrome OS at the same time. Microsoft plans to support Windows in 2022.And When Apple releases that software later this fall.
However, this is just enabling technology. Websites and apps should also be updated to support Passkey. Some developers will be eager to take advantage of the security benefits, but many will move more slowly. Even if the passkey catches on fast, don’t expect the password to disappear.
Will websites and apps require me to use a passkey?
It is unlikely that you will be forced to use a passkey when the technology is new and unfamiliar. Websites and apps you already use will add passkey support to existing password methods as well.
When you sign up for a new service, the passkey may be presented as a preferred option. Eventually, they may become the only option.
Will passkeys lock me into the Apple or Google ecosystem?
off course not. Although passkeys are tied to a company’s tech suite, you’ll be able to get out of the Apple world to use passkeys with Microsoft or Google.
“Users can sign in to the Google Chrome browser running Microsoft Windows using a passkey on an Apple device,” Vasu Jakalia Microsoft leader in security and identity technology said in a May blog post.
Apple and Google said passkey advocates are also working on technology to enable people to move their passkeys from one technical domain to another.
How are password managers connected with Passkey?
Password managers play an important role in creating, storing and synchronizing passwords. But at least in the eyes of tech giants like Google and Apple, passkeys will be tied to your phone or personal computer, not your password manager.
However this may change.
“We expect a natural evolution to an architecture that allows for third-party passkey managers to be plugged in and for portability between ecosystems,” said Google’s Risher.
They anticipate that passkeys will evolve to reduce barriers between ecosystems and to accommodate third-party passkey managers. “It’s been a topic of discussion since the very early days of this industry.”
really, Password manager Dashlane is testing passkey support And there are plans to release it widely in the coming weeks. “Users can store their passkeys for multiple sites and take advantage of the same convenience and security they already have,” the company said in an August 31 blog post.