Passwords are hard to remember — especially if you use a lot of online services and try (which you should) to use a strong, different password for each one. But the days of trying to think of yet another password to sign up for a new service may be behind us.
In a WWDC developer session titled “Move beyond passwords,” Apple engineer Garret Davidson shows a new feature, allowing users to sign up for new online services using Face ID or Touch ID instead of a password.
The feature, called Passkeys in iCloud Keychain, is coming in iOS 15 and macOS Monterey, and it will have to be supported by third party services to work. Using it is really simple; when you encounter a “sign in” page on a new service, you’ll be able to sign up for it with Face ID or Touch ID, and you’ll never have to type in a password to log into that service.
In the background, this works by using the open WebAuthn standard to create a pair of cryptographic keys, one public and one private. Unlike a password, the private key – which is used for proving that it’s really you who is signing into a service – is never sent to the remote server.
Signing into a service is as easy as looking at the phone.
This makes passkeys more secure than passwords — in fact, Apple claims they’re even more secure than using a password together with two-factor authentication of some sort. Passkeys are also easy to recover and more resistant to phishing than passwords. Finally, they’re synced on all your Apple devices using iCloud, and work in different apps, as well as on the web.
However, the feature currently only works on Apple devices, which is a pretty big limitation. According to CNET, Apple is working with partners to create a solution that would work across other devices as well. It’s also important to note that passkeys in iCloud Keychain will be launched as a technology preview for developers to test out and will thus be turned off by default at launch.