Passkeys are a new technology presented by Apple at WWDC 2022. Based on the standards of the FIDO Alliance, this new system allows you to connect without a password thanks to digital keys based on biometric data. Soon to be adopted by Google and Microsoft, this innovation could become the new standard by the end of the year. Find out everything you need to know about this major advancement in cybersecurity.
The first password was created by Fernando Corbató in the 1960s. The American computer scientist died in 2019 at the age of 93, but his invention survived him.
Still today, the password remains the main system of computer identification. Yet, in terms of cybersecurity, this technology is far from up to par with modern threats.
Every year, ridiculously simple passwords like “12345” or “password” are the source of hacks and data leaks. Weak and reused passwords are one of the main cybersecurity risks on the web.
Even more complex and strong passwords can be discovered by hackers, through social engineering or when accessing a database. And the consequences of a password leak can be catastrophic.
For many years, the computer industry has promised a technology more secure than the password. In vain. According to Verizon’s Data Breach Report, 80% of data leaks are caused by weak passwords.
However, as part of its Worldwide Developer Conference on June 6, 2022, Apple has just announced a nice surprise. From September, the Californian firm will allow identification without a password on Macs, iPhone, iPad and Apple TV.
Users of iOS 16 and macOS Ventura will be able to connect to websites and applications using “Passkeys”: a new invention from Apple that could well end the era of the password.
What are Passkeys?
Passkeys are based on the creation of digital keys using Touch ID (fingerprint sensor) or Face ID (facial recognition). This new technology was explained on stage at WWDC by Darin Adler, Vice President of Internet Technologies.
After creating a digital key, it will be possible to use it instead of a password to create an account on any website or app. To connect, the user can therefore authenticate with his biometric data (fingerprint or face) rather than by typing his credentials. Alternatively, it will also be possible to scan a QR code.
When logging into a website on Mac, the user will be prompted to verify their identity via their iPhone or iPad. Passkeys will be stored directly on devices rather than on remote servers, which guarantees maximum security.
How does it work?
Passkeys are based on the Web Authentication API (WebAuthn) and are end-to-end encrypted. This means that not even Apple will be able to access them. The Passkeys system uses public-private key authentication to prove the user's identity.
The keys will be synced between devices using iCloud Keychain, which will allow them to be preserved in the event of loss of a device.
This new invention from Apple could represent a real change for the digital sphere. The end of passwords would constitute a step forward for online cybersecurity.
In addition to eliminating the risk of a criminal guessing a password, this new system could reduce the danger of phishing attacks. Moreover, the passwords revealed during data leaks would become strictly useless.
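The public-private key sign-in and the phishing resistance described above can be modelled in a few lines. This is an added example, not code from Apple or the FIDO Alliance: it simplifies WebAuthn (the authenticator data holds only the site hash, with no flags or counter), and the site names and function names are constructed for illustration.

```javascript
// Added example: simplified WebAuthn-style sign-in. All names and origins are constructed.
const { generateKeyPairSync, createHash, randomBytes, sign, verify } = require('node:crypto');

const sha256 = (data) => createHash('sha256').update(data).digest();

// Registration: the device creates a key pair for one site (the "relying party").
// The private key stays on the device; the server stores only the public key.
function register(rpId) {
  const { publicKey, privateKey } = generateKeyPairSync('ec', { namedCurve: 'P-256' });
  return { device: { rpId, privateKey }, serverRecord: { rpId, publicKey } };
}

// Device side: sign authenticatorData || SHA-256(clientDataJSON).
// The browser, not the page, fills in the origin it is actually showing.
function getAssertion(device, challenge, origin) {
  const clientDataJSON = Buffer.from(JSON.stringify({
    type: 'webauthn.get', challenge: challenge.toString('base64url'), origin,
  }));
  const authenticatorData = sha256(device.rpId); // site hash only; flags/counter omitted
  const signed = Buffer.concat([authenticatorData, sha256(clientDataJSON)]);
  return { clientDataJSON, authenticatorData, signature: sign('sha256', signed, device.privateKey) };
}

// Server side: check type, challenge, origin and site hash before trusting the signature.
function verifyAssertion(record, challenge, origin, a) {
  const clientData = JSON.parse(a.clientDataJSON.toString('utf8'));
  if (clientData.type !== 'webauthn.get') return 'bad-type';
  if (clientData.challenge !== challenge.toString('base64url')) return 'bad-challenge';
  if (clientData.origin !== origin) return 'bad-origin';
  if (!a.authenticatorData.equals(sha256(record.rpId))) return 'bad-rp-id';
  const signed = Buffer.concat([a.authenticatorData, sha256(a.clientDataJSON)]);
  return verify('sha256', signed, record.publicKey, a.signature) ? 'ok' : 'bad-signature';
}

function demo() {
  const site = 'https://example.com';
  const { device, serverRecord } = register('example.com');
  const other = register('example.com').serverRecord; // a different account's public key
  const challenge = randomBytes(32);
  const genuine = getAssertion(device, challenge, site);
  const lookalike = getAssertion(device, challenge, 'https://example.com.invalid');
  return {
    genuine: verifyAssertion(serverRecord, challenge, site, genuine),     // 'ok'
    lookalike: verifyAssertion(serverRecord, challenge, site, lookalike), // 'bad-origin'
    replayed: verifyAssertion(serverRecord, randomBytes(32), site, genuine), // 'bad-challenge'
    wrongKey: verifyAssertion(other, challenge, site, genuine),           // 'bad-signature'
  };
}
console.log(demo());
```

The server record contains nothing an attacker can sign in with, which is why a leaked database of public keys is far less damaging than a leaked password table.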
In reality, Passkeys were introduced by Apple for the first time during WWDC 2021. Shortly after, Apple began testing this new system in a closed circle.
An implementation of FIDO standards
Note that Apple is not alone in wanting to put an end to passwords. The FIDO Alliance, an industry group in the field of technology, has been working for almost a decade on standards allowing this system to be abandoned.
Over the past few months, FIDO has taken several steps to bring its plan to fruition. In March 2022, the group announced that it had discovered how to store synchronized cryptographic keys across user devices.
The term “passkeys” has also been used, alongside the term “multi-device FIDO identifiers”. Apple Passkeys are actually an implementation of these standards by the American firm.
In May 2022, Apple, Microsoft and Google announced their support for FIDO standards. Jen Easterly, director of the United States Cybersecurity and Infrastructure Security Agency, believed that the adoption of these standards would ensure the safety of Internet users.
The three giants had promised to start deploying this new technology in the coming year. However, Microsoft account users have been able to get rid of their passwords since September 2021, and Google has been working on its own alternative technology since 2008.
Towards Passkeys compatible with Apple, Google and Microsoft?
When these three tech titans roll out their versions of Passkeys, we can expect the system to work between all the different devices of these manufacturers.
For example, it will be possible to use the iPhone to connect to a Windows PC, or an Android tablet to connect to a website on the Microsoft Edge browser.
According to Andrew Shikiar, Executive Director of the FIDO Alliance, “all FIDO standards were developed collaboratively, with the help of hundreds of companies”. He confirms that Apple is the first company to deploy this technology, and that “this approach will soon be tangible for consumers around the world”.
A threat to cybersecurity?
The success of Passkeys, however, will depend on their proper functioning. We do not yet know what will happen to a user’s keys if he abandons the Apple ecosystem for Android or another environment.
In addition, developers will need to implement changes to their websites and applications to support this new system. Even if the process will undoubtedly be simplified by Apple, it will probably be necessary to wait for the technology to become widespread.
Whatever the security level of the Passkeys, the general public will need some time to accept this new technology and understand how it works.
As Alex Simons, director of identity management at Microsoft, put it in May 2022, “a viable solution must be safer, simpler and faster than passwords and traditional multi-factor authentication methods used today”.
If Passkeys are too painful to use, Internet users will naturally prefer to stick with passwords, despite the risk of hacking. However, according to Garrett Davidson, an engineer with Apple’s Authentication Experience team, “since this technology allows you to connect with a single screen tap, it is simpler, faster and more secure than almost all common forms of authentication today”.
Until this innovation becomes the new norm, try to adopt password best practices. Use only strong, unique passwords that do not include personal information.
The best solution is to use password manager software, to automatically create long and complex passwords and store them securely. When connecting to a website, the software enters the password automatically. Check out our selection of the best Password Managers.
Finally, to maximize security, enable two-factor authentication on all websites and apps that offer this option. Thus, even if a hacker obtains your password, he will not be able to connect to your accounts without confirmation on your smartphone or in your email inbox.