With weak and ineffective passwords responsible for 81% of cyber attacks worldwide, and the most commonly used password often hacked in seconds, it’s clear that adequate password managers and robust security solutions aren’t just an option, they’re necessary. So, as we embark on a passwordless future, here’s what you need to know about the password’s latest successor – passkey. Described by the company as “next-generation credentials that are safer and easier to use than standard passwords”, the new verification method aims to make entering codes manually a thing of the past.
Apple’s new “Passkey” feature aims to do away with passwords for good, and Google and Microsoft are following suit. It’s official: the sun may be setting on the humble password after years of gradual and steady decline. Apple said at its annual Worldwide Developer Conference (WWDC) that passwords will be phased out in favour of passwordless logins as early as September. Passkey, Apple’s security substitute, employs Face and Touch ID to verify a user’s identity and will be available initially on Safari and iOS. Google and Microsoft are both planning to use similar strategies in the near future.
Well, according to Apple’s support document, the Passkey verification method is built on standard Web Authentication and uses a unique cryptographic key pair for each website or account it’s stored on. What this means is that a copy of the Passkey is locked into the website or app, and is only able to be unlocked by the users’ matching biometric information. Because the second key is private and only available to the user, it’s less likely to be stolen, phished, or hacked by malicious actors. According to Apple’s own statement, this makes the measure even more secure than two-factor authentication.
Instead of characters, Passkeys rely on biometric data, like Face and Touch ID, to grant users access to sites or platforms. Because it’s so difficult to replicate, Passkeys are said to be one of the most secure verification methods out there. In fact, according to Darin Adler, Apple’s VP for internet technology, Passkey codes provide one of the highest forms of protection against your data being phished, leaked, or hacked. Passkeys are a standard-based technology that, unlike passwords, are resistant to phishing, are always strong, and are designed so that there are no shared secrets. – Apple’s support document
There’s no denying that by removing the necessity of passcodes, the web could become a much safer place. Cryptographic solutions like Passkeys will make it increasingly difficult for bad actors to break into personal accounts. And not only is this likely to reduce instances of phishing attacks, network hacks, and data breaches – it could also provides users with a more simple and faster way to log in.
The Fast Identity Online (FIDO) Alliance, a U.S-based tech industry group, has been working towards a passwordless future for the last ten years. This March, the organization established a way to safely store cryptographic keys. By using this development as a springboard, Apple was then able to transform Passskeys from a vision to reality. Alongside Apple, Microsoft and Google have also developed passkeys through the FIDO alliance. Microsoft is planning to introduce passkey support across Windows in the coming months, and Google is planning to launch a passkey option across both Chrome and Android platforms later this year.
But while the future of online verification looks bright, passwords aren’t done away with just yet. Before solutions like Passkeys enter the mainstream, passwords will continue to be used to secure devices globally — and this may not be as bad as you think. When used effectively, passwords can still form powerful lines of defense. Users just need to come up with solid codes and avoid repeating them across platforms. This doesn’t need to be hard, either. By using password managers, all your passwords can be generated and stored from a single platform.