Apple’s passkeys were announced at WWDC 2022 and will launch with the arrival of iOS 16 in the fall. These magical keys are set to change the way we log in to all of our apps and websites, but what are they, how do they work and are they really safer? Apple’s VP of Internet Technologies, Darin Adler and Senior Director of Platform Product Marketing, Kurt Knight, sat down with me for an exclusive talk about passkey technology.
“It's hard to remember now because today, virtually everyone has a passcode on their phone, but prior to touch ID, it was not actually the norm. Those extra digits were a huge inconvenience for people,” says Kurt Knight, Senior Director of Platform Product Marketing.
Today we use passwords almost everywhere. But systems that increase our digital security also create barriers for us to use it ourselves, slowing down our access to it. Whether that’s putting in your passcode, entering a username and password or doing a two-step authentication using your phone or a code generator.
Introducing passkeys
Apple’s passkeys aim to remove those barriers by actually speeding up the login process while also making it more secure. It does this in two ways: Any login using a passkey can use another device you have on you to authenticate it’s really you, or your regular face or touch ID. All you need to do is click to approve and you’re instantly logged in. No more, typing in user names or passwords.
The second part is the security. While password managers and multi-factor authentication can help make things safer, they are not foolproof. Passkeys use what’s known as public key cryptography. This comprises a public key (like a username) that is shared with the website and a private key that remains on your device. Unlike with a password, your private key is never even shown to the website, let alone stored. Instead, the public key is used to set your device a challenge that can only be solved using that private key.
“Passkeys solve the security issues with passwords today. They can't be phished, they can't be leaked, and at the same time, they're dramatically easier to use,” says Knight. “They take all the guesswork of protecting your accounts. It's one choice and it's secure.”
Password managers can still be hacked
Many of us use a form of password manager to hold our passwords. There’s even password managers now built into browsers like Chrome. All you need to do to access your passwords is enter your device password or use your touch/face ID. But with password managers, you are still sharing your password with other devices. Data leaks or hacks of websites can expose these passwords leaving your accounts very vulnerable. With passkeys, though, even if someone hacked your favourite website, all they would get is your public key. And without the private key on your device, it’s not enough to gain access to your account.
Sign up to the T3 newsletter for smarter living straight to your inbox
Get all the latest news, reviews, deals and buying guides on gorgeous tech, home and active products from the T3 experts
Touch ID (followed by face ID) revolutionised digital security for Apple users. It made added security simpler and encouraged people to be more secure. Apple’s passkey system will take that to the next level.
“What's unique about passkeys is that combination of using the device already in your pocket with the iCloud keychain,” says Darin Adler, Apple’s VP of Internet Technologies.
Apple’s iCloud Keychain works to save passwords like a password manager but with the iOS 16, iPad OS 16 and Mac Ventura updates, it will also be able to hold your passkeys.
Logging on using passkeys
When you go to log on to a website that uses passkeys, it will work much the same way as before. In fact, websites will be able to offer both passkey and password sign up in parallel without an issue (they don’t need to choose between the two methods). Your iCloud keychain will offer up your public passkey when your click to sign in and all you will need to do is confirm with a touch/face ID, or if you’re on a Mac, by confirming on your phone.
In a video from WWDC 2022, you can see the passkeys in action. First it shows the process of adding a passkey to your account (websites are likely to offer this in your account settings). Then it shows the process of logging in with a passkey. Rather than putting in your username, password and then getting a two-factor authorisation, the user selects the username field as before. Instead of entering your user name, the iCloud Keychain suggests using your new passkey. With one tap, it activates face ID, approves and logs you straight in.
“Passkeys fit in the way password autofill did, and with touch ID and face ID, only you make the choice of using a passkey. You don't have to teach yourself something new. That gives this powerful new level, but it's truly easy, easy to use,” says Adler.
Access everywhere, for everyone
The beauty of this passkey system is that it’s not Apple-only. It was developed in cooperation with Google and Microsoft, through the FIDO Alliance. This means you can still use your iPhone to authenticate on a PC – you’ll just be presented with a QR code to scan on your phone to start the process. Similar processes are expected for Android phone users when using a Mac.
Apple is expecting a fast implementation of the passkey system from launch. Developers gained access to passkey technology at WWDC 2022, back in June, so have time to implement before the iOS 16 / Mac Ventura launch. It’s even expected that website builders will offer small businesses the facility to add passkey access into their websites, with little disruption.
The end of passwords
So will Passkeys completely eliminate the password? Well, for now you will still need a master password to access your iCloud Keychain – that stores your passkeys and passwords. If for some reason you need to remove access to your keychain or change or passkeys, you can do that in much the same way as you would with passwords. The difference being that even if someone has one of your devices, they would still need your password, face or touch ID to access your keychain.
The beauty of your passkeys being held by the iCloud Keychain is that they are not simply tied to a single device.
“We know people lose their phones, they upgrade to a new phone, or switch to a different phone you're kept secure,” adds Adler. “The way iCloud Keychain achieves that is that it’s end-to-end encrypted. So those are strong cryptographic keys, and they're not known to Apple. It gets the info from one of your other devices, without Apple having access to your credentials.”
Of course, if someone has access to your phone or laptop, that doesn’t mean they can access your passkeys. You still need to enter your biometrics or master password to access your Keychain. For now at least, the one master password will remain – after all, you can’t access passkeys with a passkey.
What do I need to use passkeys?
Any device running iOS 16 can support passkeys, it doesn’t even need to have touch or face ID. Just a camera and Bluetooth. And thanks to the FIDO alliance, you will be able to take your passkeys with you, even if you switch to an Android device.
“We're working with FIDO Alliance so that you'll be able to migrate your passkeys from one platform to another,” adds Knight. “And in addition to working with websites, across Apple products and across platform, we're also bringing this technology to support apps, with all of the same benefits for users and developers.”
Kurt and Darin expect that the rollout of passkeys in third-party websites and apps will be fast, partly because it can run in parallel with passwords. While this is unlikely to be the big feature people are talking about when iOS 16 / iPad OS 16 and Mac Ventura launch, it is perhaps the one that will have the biggest effect on your online safety.
As T3's Editor-in-Chief, Mat Gallagher has his finger on the pulse for the latest advances in technology. He has written about technology since 2003 and after stints in Beijing, Hong Kong and Chicago is now based in the UK. He’s a true lover of gadgets, but especially anything that involves cameras, Apple, electric cars, musical instruments or travel.
-
This Versace fragrance was top of my Christmas list – it's almost $50 cheaper in early Cyber Monday deal
Pick up the iconic Versace Eros for less this weekend at Walmart
By Sam Cross Published
-
Nespresso’s best pod coffee machine is under $100 in Cyber Monday deal
Get 37% off the Nespresso Vertuo Pod+ in Best Buy’s Cyber Monday sale
By Bethan Girdler-Maslen Published
-
I use Apple's best AirPods daily – and the price just dropped in 5-star deal
With nearly $100 off, this AirPods Pro 2 Black Friday deal is too good to miss
By Britta O'Boyle Published
-
The iPad just dropped to its lowest-ever price – this is a 5-star Apple deal
You can get your hands on Apple's entry-level tablet for just over $250
By Britta O'Boyle Published
-
Apple should make a Fire TV Stick rival not its own TV, says expert
And we agree...
By Britta O'Boyle Published
-
Smarter Siri still planned for iPhone, but there's a catch
There's a brand new Siri coming to your iPhone, but you're going to have to wait a while longer
By Carrie Marshall Published
-
iPhone 17 Slim tipped to be the thinnest iPhone Apple’s ever made
Could make the iPhone 16 look massive
By Carrie Marshall Published
-
An Apple flatscreen TV could be back on the cards again
It might take a while though...
By Britta O'Boyle Published
-
Apple AirTag 2 upgrade will bring better range, improved privacy, and a stalker-proof speaker, says insider
Apple's useful little thing-finders are reportedly getting a big refresh in 2025
By Carrie Marshall Published
-
Google pulls a masterstroke by getting Gemini onto UK iPhones before Apple Intelligence
The standalone app is available now
By Britta O'Boyle Published