Apple demonstrated “passkeys” at WWDC 2022, a new biometric sign-in standard that could finally kill off the password for good.
It’s no secret that passwords are insecure, with easily guessable credentials accounting for more than 80% of all data breaches, per Verizon’s annual data breach report. Passkeys eliminate the need for passwords entirely, according to Apple, and are much less susceptible to being stolen in the case of a data breach or phishing attempt.
Passkeys are stored on-device rather than on a web server, and use Touch ID or Face ID for biometric verification. During its demo of the password-free technology, Apple showed how passkeys are backed up within the iCloud Keychain and can be synced across Mac, iPhone, iPad and Apple TV with end-to-end encryption. Apple’s digital password replacement will also work across apps and the web, and users can sign in to websites or apps on non-Apple devices using an iPhone or iPad camera to scan a QR code.
Apple isn’t alone in its efforts to kill off the password. Last month, Google and Microsoft joined forces with Apple to expand support for passwordless logins across mobile, desktop and browsers. This new collective commitment was commended by Jen Easterly, director of the U.S. Cybersecurity and Infrastructure Security Agency (CISA), who at the time called it “the type of forward-leaning thinking that will ultimately keep the American people safer online.”
Apple, Google and Microsoft said that they aim to support the new passwordless authentication standard – which has been established by the FIDO Alliance and the World Wide Web Consortium – on their platforms within the next year. If Apple’s WWDC demo is anything to go by, macOS Ventura, iOS 16 and iPadOS 16 will be among the first operating systems to support the new sign-in standard.
Apple quietly announced another security feature called Rapid Security Response during its WWDC keynote, which it claims makes macOS and iOS more resistant to attack by keeping delivering security updates in the background without a reboot.