During WWDC, Apple unveiled Passkey, a way to create an account and identify yourself on a site using biometric systems, without having to create any password.
To connect to an application or a website today, you have to create an account which usually consists of a username and password. Some connection systems allow you to use the account of another platform (Google, Facebook, Apple) to connect more easily, but this account still always uses this iconic duo login / password … But until when?
Apple wants to do away with passwords
On the occasion of WWDC, in a session entitled Move beyond passwords (« Go beyond passwords“), Apple introduced a new solution to remove passwords. For several years now, it has been possible to use the biometrics of your smartphone to identify yourself more easily on certain applications and Safari has also been integrating it since last year on iOS and macOS. Now, Apple wants to go further by allowing you to create an account directly with biometrics rather than a password.
In the course of the year, it will therefore become possible, on sites and applications that adopt Passkeys, to create an account without ever entering any password, but instead using the biometric identification systems of iOS, iPadOS and macOS (Touch ID and Face ID). The technology in question is integrated into the iCloud keychain (therefore end-to-end encrypted), like a traditional password, and is based on the WebAuthn protocol, developed by the FIDO Alliance (Fast IDentity Online), a grouping of companies (including Apple) that are looking to improve web security and reduce the risk of web hacks, including removing passwords.
Why remove the password?
A password remains the most sought after item by hackers. Once obtained, it gives access to a large amount of information and, one thing leading to another, sometimes allows access to other accounts. This is why the campaigns of phishing are also numerous to try to extract your password. And sometimes, even a very good password manager is not enough, since the password remains shared with the server of the service you are trying to connect to, and can therefore be intercepted in the event of a breach.
In preview only
Passkeys is currently only available in preview on iOS 15 and macOS Monterey and requires advanced functionality on both systems to be activated to take advantage of it. It will therefore take a little while before you can completely do without the password.
In addition, if you are using a competing platform (Android or Windows in particular), you will need to keep an iPhone or Mac handy to connect to the services on which you have registered using Passkeys.