what are Passkeys and when can we use them

Apple already goes to great lengths with iCloud Keychain to keep our passwords in sync and secure, suggesting complicated strings so no one can guess them with little effort. But of course, there’s no point if someone breaks into a service’s database and accesses the database of those passwords.

That’s why Apple, Google and Facebook (and the rest of the companies that make up the FIDO Alliance) have joined forces to offer the Passkeys or access keys

a more advanced identifier to be able to access portals and web services and which will be available with iOS 16. Let’s see what it is.

Our biometric information will be the key

When browsing with Safari on iPhone and want to sign in to certain services, iOS 16 will offer to generate a passkey instead of a password. We will only have to enter an email and a series of cryptographic keys mixed with our identification via Touch ID or Face ID

they will take care of the rest.

The result will be that to access this service we will only need to use Touch ID or Face ID, and no one will be able to obtain a password if the servers of the service are attacked, since the keys are stored encrypted under our biometric information and therefore cannot be decrypted. No more need to change the password in case of service attack

over which we cannot do anything on our part, and the days of SMS double authentication codes are gone, which remain vulnerable to attacks from Phishing and SIM card duplication.

These access keys seek to be the new security standard that is eventually replacing passwords over time, and can be used on any device (even Android or Windows) through business collaboration. It’s going to be a long road, but it can be extremely beneficial in the long run.