Security

This time, Apple really killed the password

Data breaches continue to leak 123456, 123456789, and 12345 as the most popular passwords ('qwerty' and 'password' are close behind), leaving you open to all sorts of hacking. One of the greatest threats to your online life is using weak and repetitive passwords. The promise of a password-free future has been made for years, but it appears that 2022 will be the year millions of people stop using passwords.

Apple announced yesterday that passwordless logins will be available for Macs, iPhones, iPads, and Apple TVs around September this year. With iOS 16 and macOS Ventura, you will no longer need to use passwords to sign in to websites and apps. This is the first real-world attempt to eliminate passwords.

At WWDC, Apple's vice president of internet technologies, Darin Adler, explained how Passkeys replace tired old passwords with new digital keys using Touch ID or Face ID. A Passkey can be used in place of a password when creating an online account with a website. “Using your Touch ID or Face ID, you can create a Passkey,” Adler said.

Passkeys allow you to log in to that website again by using your biometrics instead of entering a password (or having your password manager do it for you). Your iPhone or iPad will prompt you to verify your identity when you sign in to a website on a Mac.

In addition, Apple says its Passkeys will sync across your devices using iCloud's Keychain, rather than on servers. Apple's Passkey is based on the Web Authentication API (WebAuthn) and is end-to-end encrypted so nobody can read it, including Apple. Passkeys are created by using public-private key authentication to verify that you are who you claim to be.

For most people, a passwordless system would be a significant step forward in terms of online security. Removing passwords reduces the likelihood of phishing attacks and eliminates guessable passwords. A password cannot be stolen in a data breach if it does not exist in the first place. It is possible to log in with your fingerprint or face recognition, but this usually requires you to create an account first.

Apple first announced its Passkeys at the company's 2021 WWDC, and the company began testing them shortly afterward. Apple isn't the only company that wants to eliminate passwords. Apple's Passkeys implement the underlying standards developed by the FIDO Alliance, a tech industry group, for ditching passwords.

FIDO has taken important steps to bring the demise of the password closer to reality in recent months. FIDO announced in March that it had devised a way to store the cryptographic keys that sync between devices, calling them 'multi-device FIDO credentials' or 'passkeys.'

The following month, Apple, Microsoft, and Google announced their support for the FIDO standards. Director of the US Cybersecurity and Infrastructure Security Agency, Jen Easterly, said the adoption of the standards would make the Internet safer for more people.

Microsoft account holders have been able to ditch their passwords since September last year, and Google has been developing a passwordless technology since 2008. The three tech giants said they would roll out the technology 'over the course of the coming year.'

When all the tech companies have rolled out their version of passkeys, it should be possible to use the system across different devices—for example, your iPhone could be used to log in to a Windows laptop, or an Android tablet to log in to a website in Microsoft's Edge Browser.

According to Andrew Shikiar, the executive director of the FIDO Alliance, all of FIDO's specs have been developed collaboratively with input from hundreds of companies. According to Shikiar, Apple is the first company to begin rolling out passkey-style technology, which demonstrates how 'tangible this approach will soon be to consumers worldwide.'

Passwordless futures will succeed or fail according to how they are implemented in reality. As of right now, it is unclear what happens to Passkeys if you switch from Apple's ecosystem to Android or another platform. There are still changes that developers must make to their apps and websites to make Passkeys work (Apple hasn't responded to our request for comment).

Moreover, people need to be educated on how any system works in order to gain trust in it. Alex Simons, the director of Microsoft's identity management efforts, said in May that any viable solution must be safer, easier, and faster than passwords and legacy multi-factor authentication methods. People may shy away from cross-device systems if they're cumbersome or difficult to use, preferring weak but convenient passwords.

Passkey from Apple, Google's Authenticator, and Microsoft's Authenticator are all still some time away (at the very least), but that doesn't mean you should keep using weak or repeated passwords. You should use strong and unique passwords for every account, whether it's for your Facebook account or an account you use to purchase DIY supplies. Passwords should not include common phrases, pet names, or personal information that can be linked to you.

You should use long, strong passwords instead. It is best to create and store better passwords by using a password manager. Turn on multi-factor authentication for as many accounts as you can while you're thinking about security.
