It’s official, after years of a slow and steady decline, the sun may finally be setting on the humble password. At Apple’s annual Worldwide Developer Conference (WWDC), the tech giant announced it would be ditching the password in favor of passwordless logins as early as September.
Apple’s security replacement, Passkey, uses Face and Touch ID to authenticate the user’s identity, and will be introduced across Safari and iOS first. Google and Microsoft also plan to implement similar models soon.
With weak and ineffective passwords responsible for 81% of cyber attacks worldwide, and the most commonly used password often hacked in seconds, it’s clear that adequate password managers and robust security solutions aren’t just an option, they’re necessary.
So, as we embark on a passwordless future, here’s what you need to know about the password’s latest successor – passkeys.
Passwords Are Out, Passkeys Are In
Described by the company as “next-generation credentials that are safer and easier to use than standard passwords”, the new verification method aims to make entering codes manually a thing of the past.
What Is a Passkey?
Instead of characters, Passkeys rely on biometric data, like Face and Touch ID, to grant users access to sites or platforms. Because it’s so difficult to replicate, Passkeys are said to be one of the most secure verification methods out there.
In fact, according to Darin Adler, Apple’s VP for internet technology, Passkey codes provide one of the highest forms of protection against your data being phished, leaked, or hacked.
Passkeys are a standard-based technology that, unlike passwords, are resistant to phishing, are always strong, and are designed so that there are no shared secrets. – Apple’s support document
How do Passkeys Work?
Well, according to Apple’s support document, the Passkey verification method is built on standard Web Authentication and uses a unique cryptographic key pair for each website or account it’s stored on.
What this means is that a copy of the Passkey is locked into the website or app, and is only able to be unlocked by the users’ matching biometric information.
Because the second key is private and only available to the user, it’s less likely to be stolen, phished, or hacked by malicious actors. According to Apple’s own statement, this makes the measure even more secure than two-factor authentication.
Apple, Google, and Microsoft Buddy Up
While Apple is one of the first companies to pencil in a release date for Passkeys, it’s not the only tech firm looking to move away from passwords.
The Fast Identity Online (FIDO) Alliance, a U.S-based tech industry group, has been working towards a passwordless future for the last ten years. This March, the organization established a way to safely store cryptographic keys. By using this development as a springboard, Apple was then able to transform Passskeys from a vision to reality.
Alongside Apple, Microsoft and Google have also developed passkeys through the FIDO alliance. Microsoft is planning to introduce passkey support across Windows in the coming months, and Google is planning to launch a passkey option across both Chrome and Android platforms later this year.
What Might a Passwordless Future Look Like?
As big tech gets serious about embracing new security systems, you might be wondering what impact this will have on users.
There’s no denying that by removing the necessity of passcodes, the web could become a much safer place. Cryptographic solutions like Passkeys will make it increasingly difficult for bad actors to break into personal accounts. And not only is this likely to reduce instances of phishing attacks, network hacks, and data breaches – it could also provides users with a more simple and faster way to log in.
But while the future of online verification looks bright, passwords aren’t done away with just yet. Before solutions like Passkeys enter the mainstream, passwords will continue to be used to secure devices globally — and this may not be as bad as you think.
When used effectively, passwords can still form powerful lines of defense. Users just need to come up with solid codes and avoid repeating them across platforms. This doesn’t need to be hard, either. By using password managers, all your passwords can be generated and stored from a single platform.
Read our guide to the best password managers to leave weak, hackable passwords in the past.
