The FIDO Alliance, an association working on new authentication methods to replace traditional passwords, announced last month that Apple, Google and Microsoft have committed to expanding support for the FIDO standard on their platforms. At WWDC 2022, Apple revealed that iOS 16, iPadOS 16 and macOS 13 will finally enable passwordless login with "passkeys."
In fact, iOS 15 and macOS 12 are already compatible with the FIDO standard. However, the previous implementation required the user to log in to every app or website on every device before enabling a passwordless login method. With Apple's latest software, passwordless login has now become a reality. As Apple announced during the WWDC 2022 keynote explained, both iOS 16 and macOS 13 now feature "passkeys," as this authentication method is called. With passkeys, users no longer have to enter a username and password to log into apps and websites, reducing the risk of phishing attacks.
How Passkeys Work in iOS
For users, logging in with a passkey works almost the same as logging in with iCloud Keychain and Face ID or Touch ID. You simply choose an access code, authenticate with biometrics, and that's it. While iCloud Keychain automatically fills in your username and password in regular text fields, a passkey goes way beyond that. The system generates a unique key that can only be accessed with user authentication via Face ID or Touch ID. This prevents malicious websites from trying to steal your passwords, as the passkeys are stored securely in iCloud Keychain and are not visible to the user.
Devices can generate QR code
Of course, the passwords are automatically synced to your Apple devices. But what about other platforms? Because passkeys are based on the FIDO standard, which is also implemented on Android and Windows, there is a way to log in on a device that isn't your own. The other device generates a QR code that can be read by your iPhone or iPad. iOS uses Face ID or Touch ID to confirm that it's you trying to log in before confirming or denying the request to the app or website on the other device. And if it's an iOS device or Mac that's not yours, passkeys can be shared via AirDrop.
availability and implementation
Because this is a new API, developers will need to update their apps and websites to support the new standard, so it may take some time for this technology to become widespread. Apple has already provided extensive documentation to help developers implement passkeys in their iOS and macOS apps. iOS 16 and macOS 13 are currently available as beta software for developers via the Apple Developer website. A public beta version will be released next month, while the official release for all users will take place in the fall. Whether your device is compatible with the new software, you can find out here. (Image: Apple)
