At WWDC 2022, the firm announced “Apple Passkeys,” a new biometric sign-in technology that may finally put the password to rest.
Passwords are insecure, with easily guessable credentials accounting for more than 80% of all data breaches, according to Verizon’s annual data breach report. Apple says passkeys eliminate the need for passwords completely and are far less likely to be stolen as a result of a data breach or phishing attempt.
Did you check all Apple WWDC 2022 announcements?
What is Apple Passkeys?
Passwords are no longer required to authenticate users to websites and apps using the Web Authentication API (WebAuthn), which uses public-key cryptography rather than passwords to confirm identities. Passwords, on the other hand, are still used for authentication by some sites and applications. For biometric verification, The digital password replacement utilizes Touch ID or Face ID instead of requiring you to input a long string of characters.
Apple’s WWDC demonstration of password-free technology included how passkeys are backed up and maybe synced across all of Apple’s devices with end-to-end encryption. Users will also be able to login to websites and apps on non-Apple devices using their iPhone or iPad to scan a QR code or Touch ID or Face ID to confirm their identity.
“Because it’s just a single tap to sign in, it’s simultaneously easier, faster, and more secure than almost all common forms of authentication today,” said Garrett Davidson, an Apple engineer on the Authentication Experience team,
Apple, Google, and Microsoft have committed to supporting the new passwordless authentication standard — which has been developed by the FIDO Alliance and World Wide Web Consortium — on their platforms within a year. If Apple’s WWDC presentation is any indication, macOS Ventura, iOS 16, and iPadOS 16 will be among the first operating systems to support it.
Apple debuted another security feature during its WWDC keynote, dubbed Rapid Security Response, which it claims makes macOS and iOS more resistant to attack by automatically delivering security updates in the background without a restart.