Apple has confirmed its plan to start the “long journey” away from passwords. At the company’s WWDC developer conference, the device maker gave details of its plan to replace passwords with hardware-based ‘PassKeys’ that are linked to its TouchID and FaceID identity services.
The initiative is part of a collaboration with the Fido (Fast Identity Online) Alliance, which also includes Google and Microsoft. Apple explained that its PassKeys could be across devices or operating systems – for example, a Windows machine could be unlocked using TouchID on an iPhone.
The new PassKey system means no passwords are stored on any single website, instead linked to the “device in your hand”. An Apple device will act as an authenticator, generating a public-private key pair for each of the device user’s accounts.
The device retains the private key, and shares the public key with the server. They are “next-generation credentials that are more secure, easy to use, and designed to replace passwords,” Apple said in a statement.
“Passkeys are unique digital keys that stay on device and are never stored on a web server, so hackers can’t leak them or trick users into sharing them,” the company explained. “Passkeys make it simple to sign in securely, using Touch ID or Face ID for biometric verification, and iCloud Keychain to sync across Mac, iPhone, iPad, and Apple TV with end-to-end encryption.
“They will also work across apps and the web, and users can even sign in to websites or apps on non-Apple devices using their iPhone.”
Jake Moore, global cybersecurity advisor at ESET, told Tech Monitor that anything that makes security convenient and secure is an important move forward. “Pairing with devices helps users remain safe from remote attacks and doubling up on biometrics bolsters the effects,” he said.
He added that some users might need encouragement in using the new system. “Many feel they are fine without these extra protections or do not realise the potential insecurities, so gently and slowly forcing in the right direction will help those who need it most,” he said.
The plan is part a renewed effort by the tech industry to end the reliance on passwords, which Apple described as “easily hackable”. A 2018 survey by the Ponemon Institute found that password reuse is rife even among IT professionals, with two-thirds admitting to reusing passwords three times or more.
WWDC news: new MacBooks and APIs
Other announcements at WWDC include two new MacBooks that use Apple’s own M2 processor, as well as new versions of its mobile, watch, tablet and laptop operating systems that are available for developer preview today, public preview in July and on general release in the Autumn.
Several software features will make collaboration with other users easier, including the release of a new API to allow other app developers to bring Collaboration, a feature used by Apple to allow multiple users to work on a single document, to their software.
Apple will also now natively support using the iPhone as a webcam for the Mac, significantly improving camera quality, as well as offering wide and telephoto lenses, and access to the other features of the camera including background blur and “studio light”. This works across all video conferencing apps including Facetime, Microsoft Teams and Zoom.
The two-hour long event started with a detailed look at the latest version of the mobile operating system, iOS 16, including a customisable lock screen that includes widgets and an API making it easier for developers to bring aspects of their own apps to the front page of a users phone.
Apple also revealed updates to its message app iMessage including the introduction of SharePlay, a feature that lets users type while watching a TV show or playing a game. This is a feature already available for FaceTime.
The LiveText feature, that lets users take a photograph and copy the text within the image, is being upgraded and can now be used to automatically translate text in another language and can be used with video to copy text on screen.
Apple is also expanding its Wallet, already widely used for making payments or holding store cards, to allow easy access to driver licenses and other IDs in certain US states, as well as keys to digital door locks in hotels, the car or even the office.