Passkeys: the next step in macOS security

One of the most important announcements at Apple’s WWDC in June 2022, in terms of the impact it will have on our daily lives, was passkeys. This security feature, which will be rolled out with macOS Ventura as well as iOS 16 and iPadOS 16, isn’t as exciting as some other features but is hugely important. In this article, we’ll take a look at what Apple passkeys are, why they matter, and how to use them.

What are passkeys?

Apple describes passkeys as a replacement for passwords. They are more secure than passwords because you won’t have to create or remember a series of characters and, therefore, won’t be vulnerable to phishing attacks that rely on you providing your credentials to a fake website. And they are easier to use for the same reason — you don’t need to keep passwords in mind.

How do passkeys work?

When you sign up for an account on a website using a passkey, a pair of cryptographic keys is created. One, a public key, is stored on the server of the website you’re signing up to. The other, a private key, is stored on your Mac and synced with iCloud, so it’s available on all your devices. When you next sign in to the account, all you will have to do is authenticate on your Mac using Touch ID or on an iPhone or iPad using Touch ID or Face ID. Once you’ve done that, you’ll be able to access your account.
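
The sign-in exchange described above, sketched in Node.js as an added example (it is not Apple’s code and not part of the original article): the server checks a signature over a fresh challenge and the site’s origin against the stored public key, which is why a response produced on a look-alike site is rejected. The function names and the shop.example sites are assumptions; real WebAuthn signs authenticator data plus a hash of the client data, which this simplifies.

```javascript
// Added illustration: simplified passkey sign-in (WebAuthn-style), not Apple's code.
const crypto = require('node:crypto');

// Registration: the device creates a key pair; the website stores only the public key.
function register() {
  const { publicKey, privateKey } =
    crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  return { device: { privateKey }, server: { publicKey } };
}

// Device: after Touch ID / Face ID succeeds, sign the server's challenge together
// with the origin the browser is actually connected to.
function deviceSign(device, challenge, origin) {
  const clientData = JSON.stringify({ challenge: challenge.toString('hex'), origin });
  const signature = crypto.sign('sha256', Buffer.from(clientData), device.privateKey);
  return { clientData, signature };
}

// Server: the challenge must be the one just issued, the origin must be its own,
// and the signature must verify under the stored public key.
function serverVerify(server, issuedChallenge, ownOrigin, assertion) {
  const data = JSON.parse(assertion.clientData);
  if (data.challenge !== issuedChallenge.toString('hex')) return 'bad-challenge';
  if (data.origin !== ownOrigin) return 'bad-origin';
  const ok = crypto.verify('sha256', Buffer.from(assertion.clientData),
                           server.publicKey, assertion.signature);
  return ok ? 'ok' : 'bad-signature';
}

// Constructed scenario: shop.example is the real site, shop-login.example a look-alike.
function demo() {
  const { device, server } = register();
  const origin = 'https://shop.example';
  const challenge = crypto.randomBytes(32);
  const good = deviceSign(device, challenge, origin);
  // Signed while the browser was on the look-alike origin, then relayed.
  const relayed = deviceSign(device, challenge, 'https://shop-login.example');
  // Origin rewritten after signing: the signature no longer matches the data.
  const rewritten = JSON.stringify({ ...JSON.parse(relayed.clientData), origin });
  const forged = { clientData: rewritten, signature: relayed.signature };
  return {
    genuine: serverVerify(server, challenge, origin, good),
    relayed: serverVerify(server, challenge, origin, relayed),
    forged: serverVerify(server, challenge, origin, forged),
    replayed: serverVerify(server, crypto.randomBytes(32), origin, good),
  };
}

console.log(demo());
```

Unlike a password, nothing the device sends can be reused: the response is tied to one challenge and one origin, and the private key never leaves the device.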

How to use Apple passkeys on your Mac

Passkeys work in a very similar way to signing in with iCloud Keychain. However, instead of creating a username and password, your Mac will offer to save a passkey for the website or app. The passkey will then be saved in iCloud, and the next time you use the app or visit the website on a device connected to your iCloud account, you’ll be able to sign in using Touch ID or Face ID.


How to improve privacy on your Mac 

Keeping passwords safe isn’t the only thing you need to do to maximize your privacy and security while you use your Mac. Your search history, the websites you’ve visited, the documents you’ve opened recently, and even the public Wi-Fi networks you’ve logged into can all provide a scammer with the kind of data they can use to invade your privacy or even steal from you. 

Manually removing all this data is a time-consuming and tiresome task, so it’s much better to use an app that can do it all for you. CleanMyMac X is the one we recommend. It can clear browser data, such as your history and cookies, empty your Mac’s Recent Items list, and wipe out the list of public Wi-Fi networks you’ve visited. 

To use it, follow these steps: 

  1. Install CleanMyMac X (a free version is available).
  2. Navigate to the Privacy tool from the sidebar.
  3. Hit Scan to find privacy issues.
  4. After the Scan is complete, press Remove.

What Macs support passkeys?

Apple hasn’t said which Macs will support passkeys. However, given that the feature uses biometric authentication, you will at least need to be using a Mac that supports Touch ID. This means a recent MacBook Pro or MacBook Air or a desktop Mac with an Apple keyboard with Touch ID will support Apple passkeys.

What happens if I no longer have access to my Mac?

As soon as you create a passkey, it is synchronized with iCloud Keychain. So, as long as you have access to a device logged into your iCloud account, whether it’s another Mac, an iPhone, or an iPad, you will be able to authenticate access to your account.

How do I access my account from a non-Apple device?

Passkeys are a standards-based technology likely to be supported on most computers and mobile devices soon. So, if you need to access an account on, say, a smart TV, you will still be able to do that. The TV, games console, or other device will display a QR code that you can scan on your smartphone, and this will authenticate access.

And if someone needs to access your account from a device that’s not yours, you can share passkeys via AirDrop.

What happens if I lose all the devices connected to my iCloud account?

There’s a mechanism built into iCloud Keychain to deal with that. It escrows your keychain data with Apple in a way that prevents Apple from reading your passwords or other data. This means that Apple keeps a copy of the data for use only in this type of extreme situation — a user losing devices connected to their iCloud account.

In order to recover a copy of the keychain from the escrow, several conditions have to be met. For example, you would have to authenticate your iCloud account, respond to an SMS sent to a device registered with your account, and enter your device passcode. After 10 failed attempts, the record is locked. If you fail again, the escrow is destroyed.

However, the existence of the escrow does mean you can access your passkeys even if you lose all your devices, as long as you meet the conditions above.

Will passkeys replace passwords?

That’s the aim. Apple isn’t the only company working on this kind of authentication. It’s a standards-based technology, and Google and Microsoft are also planning on implementing their versions of passkeys. Eventually, typing or pasting in usernames and passwords will be a thing of the past, and we’ll all log into websites and apps using Face ID or Touch ID on mobile devices.

Passkeys in macOS Ventura and iOS 16 change the way users will create accounts on websites and apps and then log into them in the future. By removing the need to create and remember passwords, they make signing in not only more convenient but also more secure, by eliminating the possibility of phishing attacks. Start using them as soon as you install Ventura, and you’ll be safer online.
