The times of drawing patterns or typing PIN codes to unlock access to the phone are gone forever. Most users use fingerprint or Face ID scanners on iPhones which allow encryption with face scanning. These are convenient forms of securing devices that have replaced the irritating ones. I can’t imagine drawing a pattern dozens of times a day …
A future without passwords doesn’t stop there, however. Passkeys is another novelty that is already revolutionizing this area and will make logging into the services of various companies even more enjoyable. Let’s see what Apple and Google have done in this aspect and how it works.
Advantages of passkeys
According to the industry’s biggest giants (Apple, Google, and Microsoft), passkeys are easier to use than passwords and much more secure. Access keys provide users with a simple and secure way to log in to applications and websites across platforms – without the need for passwords.
The advantages of passkeys are:
- Simplified login without passwords. Saving and using passkeys is quick and easy with one-step account creation and logging in with a fingerprint scanner or Face ID. The user will no longer have to create passwords and remember them. The access keys are synchronized with the keychain and can be activated on different devices. For example, you can use your smartphone to sign in to apps and websites on different hardware.
- New generation account security . Passkeys were created on the basis of the FIDO Alliance and W3C standards. They replace passwords with pairs of cryptographic keys, which greatly improves security. Each key is strong and cannot be guessed or reused. It is also safe in case of server leaks. It is also not a threat in the event of phishing attacks. Passkeys are inextricably linked to the application or site they were created for, so people will never be tricked into using the key to log into the fake application or site. Passkeys provide a strong, private relationship between a person and an app or website.
- They work together with passwords. The transition to access keys is seamless. This allows users to use passwords along with passkeys and not have to customize the login page based on the type of credentials.
It is also worth adding that passkeys cannot be stolen. In addition, access keys on users’ phones and computers are archived and synchronized via the cloud to prevent locking in the event of loss of the device.
Passkeys for iOS
Apple introduced passkeys to iOS 16 . So you can try them, for example, in the iPhone 14 line. After you set up the keys to a site or application, they are stored on the phone or personal computer used to configure them. Services like Apple iCloud Keychain or Google Chrome Password Manager can sync keys across user’s devices.
How does it work in practice? On iOS 16, all you need to do is use Face ID to authenticate your password when prompted by a website or app to set it up. That’s it actually! When using the phone, the option to authenticate with a key will appear when you try to log in to the application. Just choose it and enjoy the security of passkeys. Please note that passkeys on iPhone require the use of iCloud Keychain. If you’re trying to keep a key and you don’t have this feature turned on, you’ll be prompted to turn it on. Keys also require the use of two-factor authentication with your Apple ID.
Depending on the site, browser, or application, signing in with a key usually involves the following steps:
- Touching the account name field on the login page of the website or application,
- Clicking on the suggested account at the bottom of the screen or above the keyboard,
- If your iPhone has a Touch ID, follow the on-screen instructions to verify your identity. Otherwise, your identity will be verified using Face ID.
For websites, you should see an access key option next to the username field. Once you have the password on your phone, you can use it to log in, for example, on a laptop.
Passkeys in Google applications and services
Google is behind passkeys. The giant only announced their introduction on Android and Chrome on October 12. For now, Google allows you to take advantage of two key functions:
- Create and use passkeys on Android devices that are securely synced with Google Password Manager.
- For developers – Lets you create password support on your sites for Chrome end-users via the WebAuthn API for Android and other supported platforms. Developers can try this feature by signing up for the Google Play Services Beta and using Chrome Canary.
It is worth adding that both functions are to be available to everyone later this year.
Google wants to create an API for native Android applications later this year. For the end user, creating passkeys will require:
- Confirmation of information about the access key account,
- Scan your fingerprint, face, or screen unlock.
Logging in will be just as easy:
- The user selects the account to which he wants to log in,
- Scans your fingerprint, face, or unlocks the screen when prompted.
The key on the phone can also be used to log in to a nearby device on a MacBook or Windows laptop. As access keys are based on industry standards, this works across platforms and browsers – including Windows, macOS and iOS, and ChromeOS, with a unified user interface.