Apple is working towards a passwordless future with the new iCloud Keychain “Passkey” feature, premiered during WWDC 2021.
In a WWDC developer session called “Move beyond passwords“, Apple showed a new feature called”passkey in iCloud Keychain“. The feature is available in testing on iOS 15 and macOS Monterey, but isn’t ready for full release yet.
Essentially, the passkey are pairs of private and public keys based on the WebAuthn standard. They work basically like one hardware security key, but they are securely stored in iCloud Keychain.
This means that users won’t have to carry hardware keys with them – their iPhone, iPad or Mac will contain passkeys. Additionally, passkeys will be synced across various devices, which means they will be recoverable even if a user loses all of their devices. Compared to traditional passwords, these passkeys offer a number of security advantages, as they cannot be found, cannot be reused between services and are not vulnerable to phishing or data breaches.
For users, passkeys will offer an easy and secure alternative to passwords. Once implemented, all a user will need to do is authenticate with Face ID to log in. Passkeys in iCloud Keychain would be usable wherever supported WebAuthn, which currently works in browsers and apps on Apple platforms, but there are still a few years to full adoption of the standard.
As mentioned above, the inclusion of passkeys in iOS 15 and macOS Monterey is only to allow developers to carry out the first tests, as this is not a feature that will be integrated immediately for end users. Apple says testing functionality in existing apps and workflows is only the first step of one “multi-year effort in password replacement“.
While users won’t be able to use passkeys right away, Apple has a suite of other security and privacy features in iOS 15 and macOS Monterey, which include a new built-in authenticator for two-factor logins, a private forwarding feature. which encrypts web traffic and hides a user’s IP address and a feature that will allow users to create proxy email addresses.