Could passwords soon become obsolete? In a move sure to be welcomed by anyone who struggles to think beyond the easily-guessable ‘1234’ or ‘qwerty’, Apple is finally launching passwordless logins across its devices. It’s the first sign of real progress towards the much-promised password-free world.

 

  • When creating an account on an app or website, cumbersome codewords will be replaced by ‘Passkeys’, which generate new digital keys from Apple’s biometric tools, Touch ID and Face ID. Your face or fingerprint will then allow you to log in to that account in future.
  • Passkeys can sync across devices, are end-to-end encrypted, and are stored on devices rather than servers for enhanced security.
  • Crucially, Passkeys don’t complement passwords but eliminate them, minimising the risk of phishing attacks and data breaches. As such, it is a genuine passwordless authentication method (not one that masks a password behind biometrics)
  • As with all new technical innovations, standards are critical. The FIDO Alliance is creating standards for moving beyond passwords, and Apple, Google, and Microsoft support its output. Users of the latter have been able to stop using their passwords since September 2021.
  • These collaboratively developed standards pave the way for interoperability, meaning, for example, that users will be able to log in to a Mac using an Android phone. 
  • Despite the promise Passkeys hold, some questions remain. Will they be easier, faster, and more convenient to use than passwords? And will people trust Apple to handle their biometrics safely? If not, they simply won’t be the revolutionary tool Apple hopes.

 

Why does this matter for businesses?

  • While a password-free world may be on the way, its breakthrough depends on the quality of the user experience it provides. Until then, businesses will need to continue using unique and strong passwords in tandem with two-factor authentication - this remains the best way of maintaining security.

 

Read the full article.