On Monday, October 24th, Apple released updates for iOS, iPadOS, WatchOS, and MacOS. There are several features bundled in all, including live activities, Matter (smart home hub) support, so on and so forth. But the one change I want to discuss today is Passkeys.
What are Passkeys?
Apple describes this as: “Passkeys give you a simple and secure way to sign in without passwords by relying on Face ID or Touch ID to identify you when you sign in to supporting websites and apps“. Pretty straightforward, right?
Using passwords is rough. “12345” or “password” doesn’t cut it anymore – specially not with every website having different log-in rules. “Don’t use consecutive numbers”, “Only these special characters allowed”, “Only these other special characters that absolutely no one uses are allowed”, and so on. If you use Password Managers (big fan of Bitwarden), remembering passwords becomes easy, all of a sudden. Mostly because you don’t have to do any of the remembering. Password managers are also capable enough to generate passwords for you now.
On the other hand, there are also tons of authentication platforms that don’t even require a password, they’ll just text or email you a code (big fan of these, unless I’m in a rush) (I’m always in a rush).
If you use Safari, you have probably also noticed how Apple is like an annoying relative who pesters you about doing something their way (custom-passwords) and you really have to dig deep (press like 3 different buttons) to say “No, I’ll use my own way (password). So what’s next in this toxic relationship (that, contrary to real life) sometimes proves beneficial?
You guessed it – Passkeys.
Image credit: 9to5Mac
To avoid boring you with cyber security – here’s a cliff-notes version of what a passkey actually is.
Think of a key and a lock. You need a key to open a lock. You with me so far? Except with passkeys, you actually have 2 keys – a key pair. One of them is public, so that the website you’re trying to create an account with/ login, knows it’s yours. The other key is private – only your device knows about it. In order for you to successfully authenticate yourself somewhere, there has to be a match between this public (that the specific website has) and this private key (that only your device has). Unlike a password, it can’t be guessed or hacked. It’s end-to-end encrypted, so even less likeliness of someone gaining access. And most importantly, it’s linked to a specific website and that’s it. You know how you use the same password for at least 5 different social media accounts? You can’t have 1 passkey for all 5 websites.
Enabling passkeys is easy – simply access your settings app –> profile –> iCloud –> Passwords and Keychain –> and hit Sync.
Real-World usage of Passkeys
So, we’ve established that the next iteration of passwords is not using passwords at all. To access your account, you’d simply scan your face or your finger, and you should be logged in. Can you go ahead and use this feature already? Yes and no. It’s very new – so most websites don’t support this yet. The ones that do include: Kayak, Best Buy, eBay, CardPointers, WordPress.com, and others. Google also announced that they are bringing passkey support to Android and Chrome as well. Google will allow you to create passkeys on Android Devices, and have them sync up with Google Password Manager (so similar to what goes on with Apple devices and the iCloud Keychain).
The support coming from non-Apple companies (Google, Microsoft) also means that passkeys will be universal. If you have your passkey-supporting-device near you, you can use it to sign in on a totally different device (still using passkeys). “ For example, an Android user can now sign in to a passkey-enabled website using Safari on a Mac. Similarly, passkey support in Chrome means that a Chrome user, for example on Windows, can do the same using a passkey stored on their iOS device.”
Still, it’s early days. We need to consider a reality where you lose all your passkey-supporting-devices, or need to access a device that doesn’t support it, yada yada yada. That being said, the future of passwords really is password-less. Think of how much time you’re going to save moving forward by avoiding coming up with a hard-to-guess password, or making sure you follow password generating instructions, or trying to remember your password while signing in, or.
Passkey Demo – take a look at the process!
In other news, here are some takeaways from recent reads:
- Amazon will now let you use Venmo to pay for your Amazon purchases (but it won’t let you use PayPal, who owns Venmo. Odd)
- WhatsApp had a global outage for at least 60 minutes on October 25th
- Bumble, the dating app, is open-sourcing their machine learning tool that detects explicit images in conversations (unsolicited nudes, images of guns), in the hopes of getting the tech community to aid in the improvement of this technology