What are Passkeys in Safari and How to Use Them

If you are signed up on a lot of websites, chances are there are a lot of passwords that you need to remember. While password managers definitely make the task easier, wouldn’t it be better if you simply didn’t have to remember passwords at all? That’s what the newly announced ‘Passkeys’ aim to do. So, what are Passkeys, and how can you use them? Well, that’s exactly what we’re going to discuss here.

Passkeys Explained, and How to Use Passkeys (2022)

What are Passkeys?

Passkey is a new standard based on the Web Authentication API (WebAuthn), designed to use public-key cryptography for authenticating apps and websites. Passkey enables your device to store private key information and use it to generate signatures to let you authenticate against a web server resulting in a seamless and secure password-less sign-in experience.

Instead of relying on passwords or two-factor authentication codes, Passkey leverages Face ID or Touch ID to the best effect to let you verify your identity and sign in. Yeah, Passkeys (subject to the full implementation) have brought an end to passwords. That means you will no longer need to create passwords, spend your precious time managing your secret codes, and curse your memory for forgetting the passwords.

How do Passkeys Work?

Before getting to know how Passkeys work, let’s briefly understand how passwords function as it would help in differentiating the two authentication methods.

Passwords are sent over the network and put through a hash function. The hash is then stored in the database. When you sign in, the hash is compared with the hash that’s available on the server. And they must match to allow a user access to the account. For additional security, passwords require you to verify your identity through two-factor (2-step) authentication.

Safari Passkeys
Image courtesy: Apple

Passkeys generate a unique pair of related keys: Public and Private keys. While the public key is stored on a web server, the private key is stored on your device.

Since the public key is basically a username, there is no need to worry about its security as it can’t be exploited like a copy of your password stored on a server. That’s also the reason why it is not kept secret.

As for the private key, it is stored on your device and never leaves. Moreover, your private key is kept in the iCloud Keychain and remains locked in order to ward off tracking and phishing attacks. Neither you nor the server knows anything about the private key, which means there is no question of compromise or exploitation.

Now, when you go to sign in to your account, your Passkey generates a signature and sends it to the server to validate your identity. The server then validates your signature using the public key, which it already has, and allows access to your account. It not only eliminates the need for second-factor authentication through codes but also ensures your private key never leaves your device. And that’s exactly what makes Passkeys a better option than passwords.

Why are Passkeys More Secure?

Passkeys rely on Bluetooth to work securely, unlike the two-factor authentication that uses Wi-Fi. With the access to Bluetooth, Passkeys are able to get both close physical proximity and also verify that it’s actually the user who is trying to sign in to the account.

Knowing that Passkeys are always locked and never leave your device, hackers will need to have physical access to your device and must authenticate your identity using Face ID/Touch ID to unlock it in order to break into your account. That’s one heck of a challenge, isn’t it? Let alone others, even you will never know your Passkey. If that’s not enough, Passkeys are also shielded by robust end-to-end encryption to further cut down any possible foul play.

On the contrary, passwords are stored on a server and heavily depend on two-factor authentication codes for secure sign-in. In an age where sensational website leaks have become the order of the day and verification codes are always under threat, it’s high time we said goodbye to both passwords and 2FA.

How to Create a Passkey on iPhone

Creating a Passkey on iPhone is extremely easy. Basically, websites that support Passkeys will automatically show a prompt asking you if you want to save a Passkey for signing in to them. Here’s the process that you’ll follow in order to create a Passkey on your iPhone.

  • When you’re registering on a website that has added support for Passkeys, you will get a popup such as “Do you want to save a passkey for <your username>? Passkeys are saved in your iCloud Keychain and are available for sign-in on all your devices.”
save passkey on iphone
  • Tap on ‘Continue’ and authenticate using Face ID/ Touch ID to save your Passkey to your keychain.
save passkey authenticate with faceid

Knowing that Passkeys work in sync with iCloud Keychain, ensure that you have enabled the built-in password manager.

  • Go to the Settings app on your iPhone. After that, tap on your profile and choose iCloud.
settings icloud in iphone
  • Now, tap Passwords and Keychain, and then make sure the toggle for Sync with this iPhone/iPad is turned on.
enable icloud sync for keychain

How to Create a Passkey on Mac

Setting up a Passkey on Mac is just as easy.

  • Navigate to the site/app where you want to use Passkey and then register your account as usual.
register to passkey supported website mac
  • Now, you will get a popup asking you whether you want to save a Passkey. Click Continue with Touch ID and authenticate. Note that if your Mac does not support Touch ID or if you don’t use it, you will need to authenticate using your administrator password. Do it and your Passkey will be ready for this site.
use touch id to authenticate and save passkey

How to Use Passkeys on iPhone

Once you have created your Passkeys, you can use them with ease.

  • Navigate to the app or site where you want to sign in, and tap on the Sign In button.
  • A popup will now show up from the bottom saying, “Do you want to sign in to ‘Site/App’s name’ with your saved passkey for ‘Username”? Tap Continue. Authenticate with Face ID/Touch ID and you are all set!
sign in with apple passkeys on iphone

How to Use Passkeys on Mac

  • Navigate to the app/site where you want to use a Passkey and click on ‘Sign In’.
sign in on website
  • Now, you will get a prompt to sign in using your Passkey. If you have set up Touch ID on your Mac, use it to authenticate your account.
choose account for sign in with passkey on mac
  • If your Mac does not support Touch ID or you do not use it, click Other Sign-In Options.
sign in with other options
  • Now, select the “Use passkey from a device with a camera” option.
scan qr code to sign in passkey
  • Next, you will get a prompt to scan the QR code using your iPhone/iPad.
qr code to sign in passkey
  • When you scan the code, you will get options for all the Passkeys saved in your iCloud keychain for that website. Simply pick the one you want, and tap ‘Continue’.
scan qr code with iphone to sign in with passkey
  • Authenticate using Face ID/ Touch ID and that’s it. You will be signed in with your account on the website.

How Do Passkeys Work on Android and Windows Devices?

Recently, the FIDO Alliance announced that Apple, Google, and Microsoft have committed to support its new password-less authentication method named “FIDO Standard”. With Passkeys, Apple has already given a go-ahead to the passwordless sign-in. As FIDO Standard is also being implemented on Android (as recently announced on Google I/O 2022) and Windows devices, you will be able to use Passkeys on non-Apple devices as well.

What are Passkeys in Safari and How to Use Them
Image courtesy: Apple

Coming back to the question as to how Passkeys work on Android and Windows devices and more importantly whether or not it provides the same level of security on other platforms. Well, when you try to sign in to your account on other devices, you are prompted to scan a QR code using your iPhone or iPad. After that, Passkeys asks you to authenticate your identity using Face ID/Touch ID to ensure it’s you who is attempting to log in to the account. In a nutshell, the process of using Passkey on Windows or Android is almost the same as it is on Mac without Touch ID.

A Look at Key Benefits and Limitations of Passkeys

ProsCons
Seamless sign in Works only with the latest operating systems like iOS 16, iPadOS 16, and macOS 13
Your Passkey never leaves your deviceMust require physical access to your device during sign in
Neither you nor anyone else can know your Passkey Less useful for people who are high-level target
Completely eliminates the need for second-factor authentication through codes
Close physical proximity is required during login
Must be authenticated using Face ID/Touch ID
Works across devices
Syncs across Apple devices using iCloud Keychain
Can be shared with AirDrop
Remains shielded with end-to-end encryption
Fully equipped to keep phishing attacks and tracking at bay

Frequently Asked Questions about Passkeys

Can You Use Passkeys in iOS 15 and macOS 12?

Yes – to a very limited extent. Even though macOS 12 and iOS 15 are also compatible with FIDO Standard, the previous method first requires you to sign in to each app and website on each of your devices before providing a passwordless login-in experience, which doesn’t feel all that seamless in practice.

How Do Passkeys Sync with Other Devices?

Passkeys sync across Apple devices linked with the same account through iCloud Keychain. Hence, so long as you are signed in to your devices with the same iCloud account, all your Passkeys will be available everywhere for you to use.

How Do You Share Passkeys with Others?

You can share your Passkeys just as the way you share your passwords using AirDrop. Considering Passkeys are also stored inside iCloud Keychain, you can easily keep a track of them and share with ease. Simply, head over to the Passkey you want to share (inside the Keychain entries) -> tap the share button -> tap the nearby device, and you are pretty much done.

What If You Can’t Authenticate Your Passkey Using Face ID/Touch ID?

Whether you do not have physical access to your device or you can’t authenticate your passkey using Face ID/Touch ID, you can verify your identity using other sign-in options such as password.

Will Password Managers Be Also Dead?

Now that passwords are seemingly dead, will password managers also become useless? To remain in sync with the time, leading password managers have already announced support for FIDO Standard. So, you can expect them to let you manage and use all your Passkeys more conveniently. Though it would be interesting to see how they transition to this new role and whether or not they remain as relevant as they are today.

When Will Passkeys Be Fully Implemented?

Now that Apple has handed over the Web Authentication API to developers, it entirely depends on them to make their apps and websites compatible with the passwordless sign-in method. Just like any other new technology, it will take some time to get implemented across the board. Hopefully, Passkeys’ implementation goes much faster than that of Dark Mode (introduced in iOS 13) which is not yet supported on all websites.

Sign In Faster and More Securely Using Passkeys

Dealing with passwords is a pain, and Passkeys may be the way out of the mess. Since Passkeys are going to work across Apple devices, as well as with Windows and Android devices, there’s a high chance that we might get rid of the annoying passwords once and for all. Google is expected to roll out support for Passkeys within the year, and since Passkeys are based on the FIDO authentication, they should be pretty much standard across the web and your devices. So, what do you think about the new password-less future? Let us know in the comments.

comment Comments 0
Leave a Reply