As part of its efforts to eliminate the need for passwords, Apple has finally embraced the FIDO Alliance’s WebAuthn protocol to develop what it calls “Passkeys in iCloud Keychain”. The Cupertino giant highlighted the new authentication technology in a WWDC developer session. It helps users sign in to supported apps and websites using Face ID or Touch ID, with no password needed to sign up or sign in.
Passkeys in iCloud Keychain
Passkeys are WebAuthn credentials that help users seamlessly log in to apps using Face ID or Touch ID on iPhones, Macs, and iPads. They are end-to-end encrypted and stored in iCloud Keychain. According to Apple, Passkeys use public/private key pairs, so servers do not need to store authentication secrets. Here’s how Apple’s Passkeys in iCloud Keychain compares to existing authentication methods:
When you sign up for a new account using Passkeys, all you have to do is specify the username. Instead of asking for a password, your Apple device will prompt you to save a Passkey for your account. You authenticate with Face ID at this step and the account is created, all without a password. This Passkey is stored in iCloud Keychain. You can then sign in to the app by authenticating with Face ID. Passkeys also work on the web for Apple devices, across all browsers, on supported websites.
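The sign-up and sign-in flow described above, sketched as an added Node.js example (not Apple's code and not from the WWDC session): the device keeps the private key, the server stores only the public key, and each sign-in is a signature over a fresh challenge in the WebAuthn assertion layout. The names `createPasskey`, `signAssertion`, `verifyAssertion`, the `example.com` relying party and the PEM key storage are assumptions; real WebAuthn uses COSE keys and the browser, not the caller, supplies the origin.

```javascript
const nodeCrypto = require('node:crypto');
const sha256 = (data) => nodeCrypto.createHash('sha256').update(data).digest();
const RP_ID = 'example.com', ORIGIN = 'https://example.com'; // constructed relying party

// Device side, sign-up: the private key stays on the device, only the public key is sent.
function createPasskey() {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  return { privateKey, publicKeyPem: publicKey.export({ type: 'spki', format: 'pem' }) };
}

// Device side, sign-in: runs after Face ID / Touch ID succeeds (simulated here).
function signAssertion(privateKey, challenge, origin) {
  const clientDataJSON = Buffer.from(JSON.stringify({
    type: 'webauthn.get', challenge: challenge.toString('base64url'), origin }));
  // authenticatorData = SHA-256(rpId) | flags (0x05 = user present + verified) | signCount
  const authenticatorData = Buffer.concat([sha256(RP_ID), Buffer.from([0x05]), Buffer.alloc(4)]);
  const signature = nodeCrypto.sign('sha256',
    Buffer.concat([authenticatorData, sha256(clientDataJSON)]), privateKey);
  return { clientDataJSON, authenticatorData, signature };
}

// Server side: needs only the stored public key and the challenge it just issued.
function verifyAssertion(publicKeyPem, expectedChallenge, a) {
  let client;
  try { client = JSON.parse(a.clientDataJSON.toString('utf8')); } catch { return false; }
  if (client.type !== 'webauthn.get' || client.origin !== ORIGIN) return false;
  if (client.challenge !== expectedChallenge.toString('base64url')) return false; // stale or replayed
  if (!a.authenticatorData.subarray(0, 32).equals(sha256(RP_ID))) return false;   // wrong site
  if ((a.authenticatorData[32] & 0x01) === 0) return false;                       // user not present
  return nodeCrypto.verify('sha256',
    Buffer.concat([a.authenticatorData, sha256(a.clientDataJSON)]), publicKeyPem, a.signature);
}

// Constructed run: one sign-up, one sign-in, then the same assertion against a new challenge.
const passkey = createPasskey();
const challenge = nodeCrypto.randomBytes(32);
const assertion = signAssertion(passkey.privateKey, challenge, ORIGIN);
console.log('sign-in accepted:', verifyAssertion(passkey.publicKeyPem, challenge, assertion));
console.log('replay accepted:',
  verifyAssertion(passkey.publicKeyPem, nodeCrypto.randomBytes(32), assertion));
```

Because the server record holds nothing but a public key, a copy of that record is not enough to sign in, and an assertion bound to another origin or an old challenge is rejected.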
“The emphasis of this preview is the authentication technology, an iCloud Keychain-backed WebAuthn implementation. An industry-wide transition away from passwords will need thoughtful and consistently applied design patterns, which are not part of this preview,” said Garrett Davidson from Apple’s Authentication Experience team. Apple says that Passkeys in macOS Monterey and iOS 15 are only meant for testing and not for production accounts.