Apple unveils passwordless authentication keys for apps and websites


At WWDC 2022, Apple announced and previewed iOS 16 and iPad OS 16, macOS 13 (aka macOS Ventura), watchOS 9, their new M2 chips, new MacBook Air and Pro, and new tools , technologies and APIs for developers focusing on Apple’s platforms.

Among the many new and improved features added to these solutions, several are also aimed at improving user security and privacy.

Apple expands passwordless authentication with passkeys

In May, Apple, Google and Microsoft announced plans to expand support for a common passwordless login standard created by the FIDO Alliance and the World Wide Web Consortium.

“These companies’ platforms already support FIDO Alliance standards to enable passwordless login on billions of industry-leading devices, but previous implementations require users to log in to every website or app with each device before you can use the feature without a password,” the FIDO Alliance noted at the time.

The expanded support means users could automatically access their FIDO login credentials (aka “passkey”) on many of their old and new devices without having to re-enroll each account. Also, they could use FIDO authentication on their mobile device to log into an app or website on a nearby device.

With Apple’s new operating systems and technologies, this expanded support practically means safer browsing in Safari on macOS Ventura, iOS and iPad 16, with security keys.

“Passkeys are unique digital keys that stay on the device and are never stored on a web server, so hackers can’t leak them or trick users into sharing them,” Apple explained.

Designed to replace passwords, Passwords uses Touch ID or Face ID for biometric verification, and iCloud Keychain to sync across iPhone, iPad, Mac, and Apple TV with end-to-end encryption.

“Security keys never leave your device and are specific to the site you created them for, making it nearly impossible to phishing them,” Apple notes.

They cannot be disclosed as they are not stored on a web server and allow users to log in to websites or applications on other devices (including non-Apple devices) with their passkey recorded by scanning the QR code with their iPhone or iPad. and using Face ID or Touch ID to authenticate.

Rapid Security Response

Apple hasn’t shared much about Rapid Security Response, a new feature in macOS Ventura, iOS, and iPad 16 that should automatically push security updates between standard OS updates — if users choose to. authorize it.

Some of the updates won’t even require a device restart, apparently.

Security controle

iOS 16 comes with a new section in Settings that allows users “in situations of domestic or intimate partner violence to quickly reset the access they’ve granted to others.”

People in abusive relationships may be forced to share their Apple ID (email address + password) and grant access to their Apple ID account to their abuser(s). Once physically safe from them, they will now be able to use Safety Check to lock their account.

“[Safety Check] includes an emergency reset that helps users easily sign out of iCloud on all their other devices, reset privacy permissions, and limit messaging to the device they have in hand. It also helps users understand and manage the people and apps they’ve granted access to,” Apple explained.

Apple Authentication Keys

Other Privacy Improvements

In iOS 16, hidden and recently deleted albums are locked by default – users will be able to unlock them via Face ID, Touch ID or by entering their password.

Apps will need to ask users for permission before accessing the clipboard to paste content from another app.


Comments are closed.