What are Passkeys in Safari and How to Use Them
If you are signed up on a lot of websites, chances are there are a lot of passwords that you need to remember. Whilepassword managersdefinitely make the task easier, wouldn’t it be better if you simply didn’t have to remember passwords at all? That’s what the newly announced ‘Passkeys’ aim to do. So, what are Passkeys, and how can you use them? Well, that’s exactly what we’re going to discuss here.
Passkeys Explained, and How to Use Passkeys (2022)
What are Passkeys?
Passkey is a new standard based on the Web Authentication API (WebAuthn), designed to use public-key cryptography for authenticating apps and websites. Passkey enables your device to store private key information and use it to generate signatures to let you authenticate against a web server resulting in a seamless and secure password-less sign-in experience.
Instead of relying on passwords or two-factor authentication codes, Passkey leverages Face ID or Touch ID to the best effect to let you verify your identity and sign in. Yeah, Passkeys (subject to the full implementation) have brought an end to passwords. That means you will no longer need to create passwords, spend your precious time managing your secret codes, and curse your memory for forgetting the passwords.
How do Passkeys Work?
Before getting to know how Passkeys work, let’s briefly understand how passwords function as it would help in differentiating the two authentication methods.
Passwords are sent over the network and put through a hash function. The hash is then stored in the database. When you sign in, the hash is compared with the hash that’s available on the server. And they must match to allow a user access to the account. For additional security, passwords require you to verify your identity through two-factor (2-step) authentication.
Passkeys generate a unique pair of related keys: Public and Private keys. While the public key is stored on a web server, the private key is stored on your device.
Since the public key is basically a username, there is no need to worry about its security as it can’t be exploited like a copy of your password stored on a server. That’s also the reason why it is not kept secret.
As for the private key, it is stored on your device and never leaves. Moreover, your private key is kept in the iCloud Keychain and remains locked in order to ward off tracking and phishing attacks. Neither you nor the server knows anything about the private key, which means there is no question of compromise or exploitation.
Now, when you go to sign in to your account, your Passkey generates a signature and sends it to the server to validate your identity. The server then validates your signature using the public key, which it already has, and allows access to your account. It not only eliminates the need for second-factor authentication through codes but also ensures your private key never leaves your device. And that’s exactly what makes Passkeys a better option than passwords.
Why are Passkeys More Secure?
Passkeys rely on Bluetooth to work securely, unlike the two-factor authentication that uses Wi-Fi. With the access to Bluetooth, Passkeys are able to get both close physical proximity and also verify that it’s actually the user who is trying to sign in to the account.
Knowing that Passkeys are always locked and never leave your device, hackers will need to have physical access to your device and must authenticate your identity using Face ID/Touch ID to unlock it in order to break into your account. That’s one heck of a challenge, isn’t it? Let alone others, even you will never know your Passkey. If that’s not enough, Passkeys are also shielded by robust end-to-end encryption to further cut down any possible foul play.
On the contrary, passwords are stored on a server and heavily depend on two-factor authentication codes for secure sign-in. In an age where sensational website leaks have become the order of the day and verification codes are always under threat, it’s high time we said goodbye to both passwords and 2FA.
How to Create a Passkey on iPhone
Creating a Passkey on iPhone is extremely easy. Basically, websites that support Passkeys will automatically show a prompt asking you if you want to save a Passkey for signing in to them. Here’s the process that you’ll follow in order to create a Passkey on your iPhone.
Knowing that Passkeys work in sync with iCloud Keychain, ensure that you have enabled the built-in password manager.
How to Create a Passkey on Mac
Setting up a Passkey on Mac is just as easy.
How to Use Passkeys on iPhone
Once you have created your Passkeys, you can use them with ease.
How to Use Passkeys on Mac
How Do Passkeys Work on Android and Windows Devices?
Recently, theFIDO Alliance announcedthat Apple, Google, and Microsoft have committed to support its new password-less authentication method named “FIDO Standard”. With Passkeys, Apple has already given a go-ahead to the passwordless sign-in. As FIDO Standard is also being implemented on Android (as recently announced on Google I/O 2022) and Windows devices, you will be able to use Passkeys on non-Apple devices as well.
Coming back to the question as to how Passkeys work on Android and Windows devices and more importantly whether or not it provides the same level of security on other platforms. Well, when you try to sign in to your account on other devices, you are prompted toscan a QR codeusing your iPhone or iPad. After that, Passkeys asks you toauthenticate your identity using Face ID/TouchIDto ensure it’s you who is attempting to log in to the account. In a nutshell, the process of using Passkey on Windows or Android is almost the same as it is on Mac without Touch ID.
A Look at Key Benefits and Limitations of Passkeys
Frequently Asked Questions about Passkeys
Can You Use Passkeys in iOS 15 and macOS 12?
Yes – to a very limited extent. Even though macOS 12 and iOS 15 are also compatible with FIDO Standard, the previous method first requires you to sign in to each app and website on each of your devices before providing a passwordless login-in experience, which doesn’t feel all that seamless in practice.
How Do Passkeys Sync with Other Devices?
Passkeys sync across Apple devices linked with the same account through iCloud Keychain. Hence, so long as you are signed in to your devices with the same iCloud account, all your Passkeys will be available everywhere for you to use.
How Do You Share Passkeys with Others?
You can share your Passkeys just as the way you share your passwords using AirDrop. Considering Passkeys are also stored inside iCloud Keychain, you can easily keep a track of them and share with ease. Simply, head over to the Passkey you want to share (inside the Keychain entries) -> tap the share button -> tap the nearby device, and you are pretty much done.
What If You Can’t Authenticate Your Passkey Using Face ID/Touch ID?
Whether you do not have physical access to your device or you can’t authenticate your passkey using Face ID/Touch ID, you can verify your identity using other sign-in options such as password.
Will Password Managers Be Also Dead?
Now that passwords are seemingly dead, will password managers also become useless? To remain in sync with the time, leading password managers have already announced support for FIDO Standard. So, you can expect them to let you manage and use all your Passkeys more conveniently. Though it would be interesting to see how they transition to this new role and whether or not they remain as relevant as they are today.
When Will Passkeys Be Fully Implemented?
Now that Apple has handed over the Web Authentication API to developers, it entirely depends on them to make their apps and websites compatible with the passwordless sign-in method. Just like any other new technology, it will take some time to get implemented across the board. Hopefully, Passkeys’ implementation goes much faster than that of Dark Mode (introduced in iOS 13) which is not yet supported on all websites.
Sign In Faster and More Securely Using Passkeys
Dealing with passwords is a pain, and Passkeys may be the way out of the mess. Since Passkeys are going to work across Apple devices, as well as with Windows and Android devices, there’s a high chance that we might get rid of the annoying passwords once and for all. Google is expected to roll out support for Passkeys within the year, and since Passkeys are based on the FIDO authentication, they should be pretty much standard across the web and your devices. So, what do you think about the new password-less future? Let us know in the comments.
Beebom Staff
Bringing the latest in technology, gaming, and entertainment is our superhero team of staff writers. They have a keen eye for latest stories, happenings, and even memes for tech enthusiasts.
Add new comment
Name
Email ID
Δ
01
02
03
04
05
