Apple has finally introduced its new passkeys technology in a move to foster the development of passwordless authentication. With passkeys in iCloud Keychain, macOS and iOS users will get the option to log in to their accounts with just a username and a Face ID or Touch ID scan, which is promised to be easier, faster, and much more secure than traditional password-based logins and MFA.
What are passkeys in iCloud Keychain?
Passkeys represent a modification of the WebAuthn technology that was introduced by the FIDO Alliance, a global consortium with a mission to eliminate passwords altogether and enhance authentication with hardware or software security tokens.
Apple's approach builds on a fundamental part of the WebAuthn API: authentication based on a public/private key pair rather than a shared secret.
In the company’s latest WWDC session in June 2021, Apple’s Authentication Experience Engineer Garrett Davidson announced the feature and covered how it works:
One of the biggest advantages of WebAuthn is it uses public/private key pairs instead of shared secrets… With public/private key pairs, instead of a password, your device creates a pair of keys. One of these keys is public; just as public as your username. It can be shared with anyone and everyone, and is not a secret. The other key is private. This private key is a secret and is protected by your device. Your device never shares this key with anyone else, not even the server. When you create an account, your device generates these two associated keys. It then shares the public key with the server.
You can watch the full session here and review the initial steps of connecting to a service with passkeys here.
Simply put, signing in takes nothing more than a Touch ID or Face ID scan: the Apple device generates and stores the passkeys, and iCloud Keychain synchronizes them across the user's Apple devices. If a user's devices are lost, damaged, or stolen, accounts can be recovered through Apple's iCloud Keychain.
A test version of the new feature will be available in Safari 14, Apple’s latest web browser, later this year.
Paving the way for password-free logins
Within the next few years, the number of web services offering passwordless options is expected to grow, and more companies will be seeking to enable FIDO authentication within their existing security infrastructure. Because business organizations typically represent a complex multi-user environment with an abundance of users, devices, and operating systems, the transition to passwordless can be quite a challenging task.
Hideez is one of the members of the FIDO Alliance that has a FIDO2 Server and offers a range of end-client authentication methods. Our Hideez Enterprise Server supports both the FIDO U2F and FIDO2 standards and can be used to manage both FIDO-compliant physical authenticators, such as the Hideez Key, and platform authenticators, like those integrated with Apple or Android devices, within a single Hideez Enterprise Solution.
It is an easy-to-use and cost-effective solution that can help fintech, healthcare institutions, and other entities protect the sensitive data of their employees and comply with NIST authentication requirements and local security regulations.
If you’re interested in trying out our service or want to find out more about how Hideez can help your business, don’t hesitate to contact us and request a free personalized demo for your organization.