On the first day of the World-Wide Developers Conference (WWDC) 2022, Apple announced Passkeys. The company said that Passkeys are a replacement for passwords to sign in on websites and apps. Not just a replacement, but they are faster, secure, and much easier to use. One of the major benefits of Passkeys is that they are not prone to phishing-like passwords. Apple has designed Passkeys to work across all of its devices including the non-Apple devices within physical proximity.
Passkeys are built on the WebAuthentication standard using Public Key Cryptography. When the user is registering an account, the operating system of the Apple device will create a unique cryptographic pair for associating with an account for the website or the app. One of the keys will be stored on a private server while the other one will be public and not secret at all. However, to log in to the account, a private key will be needed. Also, Apple has ensured that the private key is never learned by the server.
Apple Leverages Face ID and Touch ID for Passkeys
Apple devices which come with support for either Face ID or Touch ID or both can be leveraged to authorise the use of Passkey. The device's security system can act as a way to authenticate the user to the website or the app. Apple said the server doesn’t need to protect the public key.
The great thing about being in an Apple ecosystem of products is that iCloud can help with synchronising the experience and activities between multiple devices. The Passkeys have been designed by Apple to leverage the iCloud Keychain for syncing across a user’s multiple devices. This means that users can authenticate login in multiple devices using the same Passkey if their iCloud ID is active in them.
Apple is not only making sure that its users have a safe experience, but also creating an ecosystem lock that would want the users to stay with Apple products.