Apple Aiming to Eliminate Passwords With Face ID/Touch ID Passkeys
Apple is developing a new passkey feature that will allow customers to use Face ID and Touch ID-based account authentication in lieu of a password, Apple engineer Garrett Davidson explained today in a WWDC developer session (via CNET).
"Passkeys in iCloud Keychain," a feature in iOS 15 and macOS Monterey, stores a new WebAuthn credential called a passkey in iCloud keychain. It's used instead of a password for account creation and login, with one-tap login.
When you create an account using a passkey, there is no password to deal with. You can access that account with just a login and authentication through Touch ID or Face ID.
No password is required because your Apple device handles the generation and storage of the unique passkey used for the site, so login is just a matter of entering a username and authenticating. Passkeys are end-to-end encrypted and synced across all of your Apple devices thanks to iCloud Keychain. Since everything is stored in iCloud Keychain, credentials are preserved even if Apple devices are lost or stolen.
Passkeys are more secure than most password plus two-factor authentication solutions, and developers can easily implement support for logins via passkeys.
At the current time, passkeys only work with Apple devices, so Apple is talking to partners at FIDO and the World Wide Web Consortium about a wider solution that would allow users to eliminate passwords across non-Apple devices as well.
Passkeys in iOS 15 and macOS Monterey are designed for testing and are not for production accounts as Apple tests the feature. Apple is allowing developers to test passkeys as part of a multiyear effort to replace passwords.
The emphasis of this preview is the authentication technology, an iCloud Keychain-backed WebAuthn implementation. An industry-wide transition away from passwords will need thoughtful and consistently applied design patterns, which are not part of this preview.
Passkeys can be seen in greater detail in Apple's full WWDC session "Move beyond passwords."