• Apple implemented sign-in with “passkeys.” in iOS 16 and MacOS 13 (FIDO)


    #2451748

    https://9to5mac.com/2022/06/07/passkeys-passwordless-sign-in-ios-16/

    ..Apple revealed that iOS 16 and macOS 13 finally enable passwordless sign-in with “passkeys.”

    In fact, iOS 15 and macOS 12 are already compatible with FIDO Standard. However, the previous implementation requires the user to log into each app or website on each device before enabling a passwordless sign-in method. Now with Apple’s latest software, true passwordless sign-in has become a reality.

    How passkeys work in iOS
    For users, sign-in with a passkey will work pretty much the same as a sign-in using iCloud Keychain and Face ID or Touch ID. You just choose a credential, authenticate with biometrics, and that’s it. However, while iCloud Keychain basically auto-fills your username and password into regular text fields, a passkey goes far beyond that.

    The system generates a unique key that can only be accessed with user authentication via Face ID or Touch ID. This prevents malicious websites from trying to steal your passwords since passkeys are securely stored in the iCloud Keychain and are not visible to the user….but what about other platforms? Since passkeys are based on the FIDO Standard, which is also being implemented on Android and Windows, there’s a way to sign in on a device that is not yours.

    The other device generates a QR Code that can be read by your iPhone or iPad. iOS uses Face ID or Touch ID to confirm that it’s you who’s trying to sign in before confirming or denying the request to the app or website running on the other device. ..

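Added example, not part of the quoted article and not Apple's implementation: a simplified sketch of the FIDO-style challenge-response behind the passkey sign-in described in the post above, showing that the website holds only a public key and that a signature made for one origin or challenge is useless elsewhere. The class names, the `shop.example` origin and the message layout are assumptions for illustration; real WebAuthn uses CBOR-encoded authenticator data and a user-verification step (Face ID or Touch ID) before signing.

```javascript
// Added illustration: simplified passkey (WebAuthn-style) sign-in; not Apple's code.
const nodeCrypto = require('crypto');
const sha256 = (d) => nodeCrypto.createHash('sha256').update(d).digest();

// Authenticator (the phone): one key pair per site; private keys never leave it.
class Authenticator {
  constructor() { this.keys = new Map(); }
  register(rpId) {
    const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
    this.keys.set(rpId, privateKey);
    return publicKey; // only the public half goes to the website
  }
  // The origin comes from the browser, not from the page asking for a sign-in.
  sign(origin, challenge) {
    const rpId = new URL(origin).hostname;
    const key = this.keys.get(rpId);
    if (!key) return null; // no passkey exists for a look-alike domain
    const clientData = JSON.stringify({ type: 'webauthn.get', challenge, origin });
    const signed = Buffer.concat([sha256(rpId), sha256(clientData)]);
    return { clientData, signature: nodeCrypto.sign('sha256', signed, key) };
  }
}

// Relying party (the website): stores a public key, never a shared secret.
class RelyingParty {
  constructor(origin) { this.origin = origin; this.rpId = new URL(origin).hostname; this.users = new Map(); }
  enroll(user, publicKey) { this.users.set(user, publicKey); }
  newChallenge() { return (this.pending = nodeCrypto.randomBytes(32).toString('hex')); }
  verify(user, assertion) {
    const expected = this.pending; this.pending = null; // each challenge is single use
    if (!assertion || !expected || !this.users.has(user)) return false;
    const cd = JSON.parse(assertion.clientData);
    if (cd.challenge !== expected || cd.origin !== this.origin) return false;
    const signed = Buffer.concat([sha256(this.rpId), sha256(assertion.clientData)]);
    return nodeCrypto.verify('sha256', signed, this.users.get(user), assertion.signature);
  }
}

function demo() {
  const phone = new Authenticator();
  const shop = new RelyingParty('https://shop.example'); // constructed origin
  shop.enroll('alice', phone.register('shop.example'));
  const good = phone.sign('https://shop.example', shop.newChallenge());
  const ok = shop.verify('alice', good);
  const lookalike = shop.verify('alice', phone.sign('https://shop-example.test', shop.newChallenge()));
  shop.newChallenge();
  const replay = shop.verify('alice', good); // old assertion against a new challenge
  return { ok, lookalike, replay, stored: shop.users.get('alice').type };
}
console.log(demo());
```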
    • #2451809

      So how do you sign in on a Windows Desktop computer that has none of that stuff?

      (I have Windows 10 computer and Windows 8 computer – both desktops and iPhone 10R and Apple Watch ver 5). I have zero intention of replacing my desktop computers with Apple ones. I also have no intention of ever getting an Android phone. So, I need these two idiot companies to work together!

      • #2451911

        You wait for Microsoft to implement passwordless sign-in and QR for other OSs.

        The other device generates a QR Code that can be read by your iPhone or iPad. iOS uses Face ID or Touch ID to confirm that it’s you who’s trying to sign in before confirming or denying the request to the app or website running on the other device. .

        • #2451985
          • #2467427

            And it’s not using biometrics. It looks like something we have had in NASA for more than a year already, where one no longer needs to use passwords.

            Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

            MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
            Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
            macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

    • #2452051

      You wait for Microsoft to implement passwordless sign-in and QR for other OSs.

      I have Microsoft Authenticator since it first came out. It presents a HUGE problem though. I have a landline and an iPhone. Most of the time, I have my iPhone turned off. I am not dependent on it like younger generations are. I keep the ringer turned OFF at all times on my landline phone as I pay that monthly expense just for safety so I can easily call 911 if needed. My iPhone should NOT be needed for login anywhere. I do NOT use two factor authentication and the day Apple forces it on all of us is the day I throw my iPhone in the trash.

      I resent strongly that Microsoft has taken the horrible path to security. I have always believed since I got my first computer in 1999 that all older folks who did not grow up with computers should have been required to take and pass classes regarding using computers. I spent many, many hours learning about computers, the internet and safety, etc. There were a few classes here back then and I was lucky that my County offered classes free to those 55 and above. I took them BEFORE I bought my first computer. Then when I bought my first Dell XPS computer, I learned more and more and I still learn (although it is no longer much fun).

      Basilisk was my default browser for many years and it was as near to perfect IMO as a browser could ever be. I stopped using Pale Moon as my default browser when Basilisk was offered. Now, with Basilisk done, as far as development, I have switched to Fx ESR. It’s ok but for me Basilisk even now runs circles around it. I got my first smart phone 3.5 years ago to use mostly for credit card payments as it has Face ID. (I don’t do credit cards on my computers). But I misplace it a lot and if it is not turned on (I turn it off every night) then I can’t ping it to find it.

      I can’t login to Microsoft on Fx ESR latest version. I get a blank box and have for years on all my browsers. Maybe that is because my iPhone with Microsoft Authenticator is turned off? I should NOT need to turn on my iPhone in order to be able to login to Microsoft! All this c**p I have to put up with now is because this nation refused to insist that all computer users had to pass tests showing they were knowledgeable enough to use computers safely.

    • #2467402

      Exclusive: Apple just showed us how it will kill the password forever

      Passkeys should truly make passwords obsolete in iOS 16 and macOS Ventura

      Raise your hand if you hate entering passwords. Okay, now keep your hand raised if you happen to use the same password for multiple accounts or services. Yes, lots of people do this, and it’s a leading cause for users getting hacked.

      Think about it. If someone can gain your password for a single service — either through a data breach, social engineering, or phishing attack — your identity and personal information could be compromised. This can lead to anything from people spying on baby cameras to hackers stealing money from your bank account…

      What the heck are Passkeys and how do they work?

      Passkeys are unique digital keys that are easy to use, more secure, never stored on a web server and stay on your device. The best part? Hackers can’t steal Passkeys in a data breach or trick users into sharing them…

      Passkeys use Touch ID or Face ID for biometric verification, and iCloud Keychain to sync across iPhone, iPad, Mac, and Apple TV with end-to-end encryption…

      “So say you’re someone who has an iPhone, but you want to go and log in on a windows machine. You’ll be able to get to a QR code that you will then just scan with your iPhone and then be able to use Face ID or Touch ID on your phone.”..

      “This isn’t a future dream to replace passwords,” said Knight. “This is something that’s going to be a road to completely replace passwords, and it’s starting now.”..

      * How much do we trust iCloud ? Up to now iCloud has never been hacked.

    • #2467411

      Interesting. So someone who has a bad accident and ends up with the face bandaged, maybe even seriously disfigured … or the accident is just a few cuts and it is taken care with a few band-aids placed somewhere inconvenient to the face-recognition whatchamacallit; or one has touch-recognition (an undefined term that sounds like it might mean fingerprint recognition, so let’s go with that) and either has a bad injury that destroys the fingerprints or, less catastrophically, these practically disappeared, for example as it sometimes happens with old people … then what?

      So one has to be young-ish and with an unblemished face to be able to login anywhere?

      (What happens to someone young, but with a bad case of acne where the pimples are not always in the same places, same numbers, same colors or sizes?)

      So Apple will soon be making these wonderful ideas mandatory? Way to go, Tim!

      And tell your company lawyers to sharpen their legal claws and hit the gym often and hard to be very fit, on account of all the lawsuits that are going to come and come and come, as thick as monsoon rain.

      Just a thought.


    • #2467413

      then what?

      Then they use PIN/ password

      *what happens if the user is mute, blind & deaf ?

      • #2467414

        I seem to have read the word “mandatory” somewhere …

        Alex asked: *what happens if the user is mute, blind & deaf ?

        Mute people can login using a keyboard, same as deaf people can. Blind people, with appropriate software, can use voice instead of typing on a keyboard.

        Now people who are mute, deaf and blind all at the same time have, I would think, bigger problems than not being able to login somewhere. Unless they are like Helen Keller and have someone like Anne Sullivan as mentor and companion. In such a case, I don’t know what might happen.


        • #2467416

          It can’t be “mandatory” until all apps / services for any OS implement FIDO.

    • #2467421

      From the “Tom’s Guide” article linked by Alex:

      Let’s say you sign up for a streaming service on your iPhone [or your Mac?] but need to log in on your Roku. What do you do when your Roku doesn’t have Touch ID or Face ID?

      The other device generates a QR Code that can be read by your iPhone or iPad. iOS uses Face ID or Touch ID to confirm that it’s you who’s trying to sign in before confirming or denying the request to the app or website running on the other device.

      This finally makes sense of it all: it is a ploy to sell more iPhones and iPads!

      And then what about all those statements about “killing passwords for good”? That makes me feel less confident than Alex is about one still being able to login with the Mac without biometrics validation or QR codes once FIDO comes around to Ventura. (Bad dog!).


    • #2469115

      Apple Wants Passkeys to Replace Passwords: Here’s Where You Can Try Them Out Now With iOS 16 (iPadOS 16, or macOS Ventura)

      ..Passkeys will be more widely supported by apps and websites when ‌iOS 16‌ and ‌macOS Ventura‌ are released to all users this fall, but there are already some websites that support Passkeys. Here are just a few apps and websites that are starting to roll out support:

      eBay
      Best Buy
      Cloudflare
      Microsoft
      Nvidia
      PayPal
      Carnival

    • #2478501

      Apps and websites supporting Apple’s Passkeys in iOS 16 and Monterey

      KAYAK, Best Buy, eBay, CardPointers, and WordPress.com

      https://9to5mac.com/2022/09/15/first-apps-that-support-passkeys-ios-16/#comments

    • #2498972

      1Password to support Passkeys in 2023.
      Current 1Password users can run a demo.

      The passwordless experience you deserve

      Imagine being able to get things done online without passwords getting in the way. Passkeys unlock a new, simpler approach to signing in that works wherever you do – across any device, anywhere in the world. Passkeys are coming to 1Password in early 2023, but we’re excited to share an early look with you today.
