Passkeys is the implementation of the FIDO standard on Apple platforms. Thanks to Passkeys, we can forget passwords and authenticate in an extremely secure way on websites and services. It is one of the many new features in iOS 16, iPadOS 16 and macOS Ventura aimed at increasing security and convenience at the same time.
How Passkeys Works: Security First
Before I talk about using Passkeys itself, I think it is important to remember what it offers. Beyond the convenience of being able to forget every password forever, the list is very interesting.
- Passkeys cannot be leaked in attacks or security breaches at the services and servers.
- Passkeys are extremely phishing resistant.
- We can use Passkeys on any device, including non-Apple ones.
- They synchronize between our devices thanks to end-to-end encryption and iCloud.
- They completely replace the old password system.
- We don't need 2FA to secure the account.
And the idea behind Passkeys is really simple, since it is based on something we already use every day, for example each time we send a message: end-to-end encryption, which rests on asymmetric keys.
Without going into overly technical detail, we can say that an asymmetric key is really a pair of keys that are closely related to each other mathematically. One key, the private key, is kept secret, while the other, the public key, can be shared freely.
The magic, if I may call it that, is that a message can be signed mathematically so that the holder of the public key can verify that it was indeed the holder of the private key, and no one else, who issued it. At the same time, the holder of the public key can encrypt a message that only the holder of the private key can decrypt.
So with Passkeys, when you register with a site, your device securely generates a key pair locally, stores the private key in iCloud Keychain and sends only the public key to the site. Thanks to this split, when we sign in the site can send us a challenge that only we can understand (decipher) and receive a response that only we can produce (thanks to the signature). An ultra-secure authentication system.
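To make the registration and challenge-response flow above concrete, here is an added example in Go (not Apple's or the FIDO Alliance's code, and a simplification of WebAuthn): the device keeps a P-256 private key, the site stores only the public key, and each login signs a fresh challenge bound to the site's origin. The names Device, Site and the origins used are assumptions made for the illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Device models the authenticator: the private key is generated here and never leaves it.
type Device struct{ priv *ecdsa.PrivateKey }

// Site models the relying party: one public key per user, nothing secret to leak in a breach.
type Site struct { origin string; pubKeys map[string]*ecdsa.PublicKey }

func NewSite(origin string) *Site { return &Site{origin: origin, pubKeys: map[string]*ecdsa.PublicKey{}} }

// Register creates a fresh P-256 key pair on the device and sends only the public half to the site.
func Register(d *Device, s *Site, user string) error {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil { return err }
	d.priv, s.pubKeys[user] = priv, &priv.PublicKey
	return nil
}

// Challenge issues 32 fresh random bytes per login, so a captured response cannot be replayed.
func (s *Site) Challenge() ([]byte, error) {
	c := make([]byte, 32)
	_, err := rand.Read(c)
	return c, err
}

// signedData binds the challenge to the origin the browser is really talking to (simplified clientData).
func signedData(origin string, challenge []byte) []byte {
	h := sha256.Sum256(append([]byte(origin+"|"), challenge...))
	return h[:]
}

// Sign is where Face ID / Touch ID would gate use of the private key; here it signs directly.
func (d *Device) Sign(origin string, challenge []byte) ([]byte, error) {
	return ecdsa.SignASN1(rand.Reader, d.priv, signedData(origin, challenge))
}

// Login accepts only a signature by the stored public key over this site's own origin and challenge.
func (s *Site) Login(user string, challenge, sig []byte) bool {
	pub, ok := s.pubKeys[user]
	return ok && ecdsa.VerifyASN1(pub, signedData(s.origin, challenge), sig)
}

func main() { // constructed origins; the look-alike stands in for a page at a different origin
	d, s := &Device{}, NewSite("https://example.com")
	if err := Register(d, s, "alice"); err != nil { panic(err) }
	c, _ := s.Challenge()
	sig, _ := d.Sign("https://example.com", c)
	bad, _ := d.Sign("https://look-alike.example", c)
	fmt.Println(s.Login("alice", c, sig), s.Login("alice", c, bad)) // true false
}
```

A signature made for another origin, a replayed signature over an old challenge, or a signature from another device's key are all rejected, which is why a leaked server database or a phishing page gains nothing.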
What the user experience is like: convenience and speed
Using Passkeys is really easy. When you first register with a site or service, all you need to do is choose a username and press Register. Immediately, Safari shows us a message like the one in the screenshot above. Right there we verify ourselves with Face ID or Touch ID and that's it.
Once done, the login process is just as easy. We tap the button to sign in to the site and Safari shows us a message like the one above these lines. Again we just identify ourselves with Face ID or Touch ID and we are in. If we have multiple accounts or users for the same site or service, as in this case, the same login dialog lets us choose which one we want to use.
Good. Now things get interesting. We are in front of a computer or device that is not ours and we want to sign in.
We select that we want to use an iPhone, iPad or Android device to sign in, and a QR code appears. We only have to point the camera of our iPhone or iPad at it so that it recognizes the code and offers to sign us in. As usual, we simply select the account we want to use and authenticate with Face ID or Touch ID. Automatically we see the session start on the original device, the one that was not ours.
The truth is that with Passkeys everything is a benefit: a system that leaves passwords behind and replaces them with something phishing resistant, which does not need 2FA (because it already combines something we know, our private key, and something we have, our device), which cannot be leaked in attacks or security breaches and which, as we have just explained, is really very comfortable to use. And it is based on a standard, so all browsers and devices will soon support it. We can finally say goodbye to passwords.