With its next round of software updates coming this fall, including iOS 16 and macOS Ventura, Apple will launch integrated support for the passkeys standard. The passkey standard is described as unique digital keys designed to replace the need for passwords altogether with streamlined sign-in across your devices, websites, and apps.
What are passkeys?
Passwords are one of the weakest links in digital security today. Many people will choose a password and then use it across every app, website, or service they sign into. Passwords can also be leaked in database breaches, obtained via phishing attacks, and much more. Passkeys address these issues and let users transition to a completely password-less lifestyle using public key cryptography.
Apple’s support for the passkey standard was announced at WWDC in June. As we’ve explained in the past, passkeys replace your password with a digital key that is unique to your account. This digital key stays on the device, is end-to-end encrypted, and is never stored on a web server. Each passkey you create is unique to that app, website, or service.
Passkeys are an extension of the FIDO Standard feature that Apple implemented as part of iOS 15 and macOS 12 last year. The FIDO Standard feature, however, requires the user to log into each app or website on each device before enabling a password-less sign-in method. Passkeys remove that step and allow users to transition to a password-less login method altogether.
Apple’s existing support for biometric logins also extends to passkeys, allowing you to authenticate with Face ID or Touch ID. This makes passkeys stronger than all other regularly used types of two-factor authentication.
The flow for logging in with a passkey will work similarly to using iCloud Keychain and Face ID or Touch ID. The difference, of course, is that, instead of choosing a credential from iCloud Keychain and autofilling your password and username into text fields, you’ll choose (or create) a passkey as your login method. Passkeys are synced across your devices using iCloud Keychain with end-to-end encryption, so even Apple can’t view the information.
What about logging into apps or services on a non-Apple device? Because passkeys are based on the FIDO Standard, cross-platform support is built right in. The other non-Apple device will generate a QR Code that can be read by your iPhone or iPad. iOS then uses Face ID or Touch ID to confirm that it’s you who’s trying to sign in. Then, it will confirm or deny the request to the app or website running on the other device.
Adoption of 2FA among Apple users
The use of passkeys in iOS 16 and macOS Ventura will require that you also have two-factor authentication enabled for your iCloud account, adding another layer of protection. While this may sound like a roadblock that could inhibit the adoption of passkeys among users, Apple says this won’t be the case.
There are, of course, many features that require you have two-factor authentication enabled to use them, helping spur adoption of the security feature. For instance, using an Apple Card or Apple Cash requires that two-factor authentication be enabled. Enabling iCloud Keychain for syncing things like passwords and credit card numbers across your devices also requires that two-factor authentication be enabled for your account.
Apple has continued to expand the number of features and services that require two-factor authentication as well. For instance, AirTags also require that 2FA be enabled on your account, as does the new Universal Control feature as well as syncing iMessage.
If you’re one of the few iCloud users who does not have two-factor authentication enabled on your account, it’s quick and easy to enable it using Apple’s guide.
Requiring two-factor authentication be enabled for features such as these significantly helps boost adoption of the security feature among Apple users. It’s actually a pretty smart strategy by Apple to create these incentives. In fact, we’d wager that doing that use of 2FA for Apple IDs is higher than other competing platforms for this exact reason.
When will you be able to use passkeys?
Since this is a new API, passkeys requires developers to update their apps and websites to support the new standard. This means it won’t be an instant transition even once iOS 16 and macOS Ventura are released. With that being said, however, Apple has provided extensive documentation to help developers implement passkeys in their iOS and macOS apps and on the web.
Apple also explained that, because passkeys use AutoFill and Face ID or Touch ID for biometric authentication, they can be used alongside passwords if necessary. This means that developers can adopt the new Authentication Services API to add passkeys to their sign-in flows to allow users to sign in without entering a password or username.
Apple confirmed to Tom’s Guide earlier this month that it is already working hand-in-hand with many developers to integrate passkey support into their apps. This signals that we can expect day-one passkey support from some apps and websites when iOS 16 launches next month.
The 95% adoption rate of two-factor authentication among iCloud users will also help accelerate the transition to passkeys and, ultimately, a password-less future altogether. Apple’s adoption of passkeys is a monumental step toward improving digital security. By removing the need for usernames and passwords, users will be better protected against phishing attacks and other potential compromises of their accounts.