Users of Apple’s latest devices just got a security and convenience boost, which should mean they can now forget the password for the company’s own websites.
If you have a new iPhone with the latest iOS 17, an iPad with iPadOS 17, or a Mac with macOS Sonoma, you can use just Face ID or Touch ID to authenticate your login to sites like icloud.com and apple.com; you do not need to enter your password.
The news follows Google’s recent announcement that passkeys will become the default way for users to log into their Google accounts. It looks like passkeys are finally starting to deliver on their promise to replace passwords for good.
Moving forward
Passkeys rely on a pair of cryptographic keys, one public and one private. The former is stored in the cloud by the service you are trying to log into, and the latter is stored on your device. No one knows the private key, not even the user. For this reason, passkeys are believed to be phishing-resistant.
All it takes to verify the use of a passkey is whatever you use to lock your device, such as your fingerprint, face, or PIN. Since many people already use these to unlock their saved passwords, passkeys essentially eliminate the need for this extra password step.
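The key-pair login described above can be modelled in Node.js. This is an added example, not code from Apple or the FIDO Alliance; it goes a step beyond the text by showing the WebAuthn-style rule that the signed data includes the site origin and a one-time challenge, which is what the service checks with the stored public key. The function names, `example.com` and the look-alike origin are constructed for illustration.

```javascript
// Model of a passkey login (WebAuthn-style). All names and values are constructed.
const crypto = require('node:crypto');
const sha256 = (data) => crypto.createHash('sha256').update(data).digest();

// Registration: the device creates a key pair; only the public key goes to the service.
function createPasskey(rpId) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  return { device: { rpId, privateKey }, serverRecord: { rpId, publicKey } };
}

// Device side: sign the service's challenge together with the origin the browser reports.
function signAssertion(device, challenge, origin) {
  const clientData = Buffer.from(JSON.stringify({ type: 'webauthn.get', challenge, origin }));
  const authData = sha256(device.rpId); // real authenticator data also carries flags and a counter
  const signed = Buffer.concat([authData, sha256(clientData)]);
  return { clientData, authData, signature: crypto.sign('sha256', signed, device.privateKey) };
}

// Service side: check challenge, origin and signature using only the stored public key.
function verifyAssertion(record, expected, assertion) {
  const client = JSON.parse(assertion.clientData.toString());
  if (client.type !== 'webauthn.get') return 'wrong-type';
  if (client.challenge !== expected.challenge) return 'stale-challenge';
  if (client.origin !== expected.origin) return 'wrong-origin';
  if (!assertion.authData.equals(sha256(record.rpId))) return 'wrong-rp';
  const signed = Buffer.concat([assertion.authData, sha256(assertion.clientData)]);
  return crypto.verify('sha256', signed, record.publicKey, assertion.signature) ? 'ok' : 'bad-signature';
}

function demo() {
  const { device, serverRecord } = createPasskey('example.com');
  const newChallenge = () => crypto.randomBytes(32).toString('base64url');
  const expected = { challenge: newChallenge(), origin: 'https://example.com' };
  const genuine = signAssertion(device, expected.challenge, expected.origin);
  // A real browser would not offer the passkey on a non-matching origin at all;
  // the model signs anyway so the service-side check is visible.
  const lookalike = signAssertion(device, expected.challenge, 'https://examp1e-login.test');
  return {
    genuine: verifyAssertion(serverRecord, expected, genuine),
    lookalike: verifyAssertion(serverRecord, expected, lookalike),
    // Client data swapped after signing no longer matches the signature.
    rewritten: verifyAssertion(serverRecord, expected, { ...lookalike, clientData: genuine.clientData }),
    // An old response presented against a fresh challenge is rejected.
    replayed: verifyAssertion(serverRecord, { ...expected, challenge: newChallenge() }, genuine),
  };
}

console.log(demo());
```

The service never holds anything secret for this account: a copy of `serverRecord` is enough to verify logins but not to produce one.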
On Apple sites, users should look for the Sign In with iPhone button once they enter their Apple ID email address on the login page. A QR code will then appear, which, once scanned with your iOS 17 iPhone, will allow you to verify your login using just your Face ID or Touch ID.
Apple claims that passkeys “significantly improve security,” and they aren’t alone in this belief. Passkeys are managed by the FIDO Alliance, a cross-industry association that includes Apple, Google, Microsoft and others, all as board-level members.
Apple was one of the first big names to support passkeys, and now it’s going even further with this new implementation. However, there are concerns that the use of passkeys could lock users into big tech ecosystems because they are not platform independent.
However, if you use a third-party password manager that supports passkeys (as many are starting to do now), you can save your passkeys to it so you can use them across platforms.