Passkeys Explained, and How to Use Passkeys (2022)
What are Passkeys?
Passkey is a new standard based on the Web Authentication API (WebAuthn), designed to use public-key cryptography for authenticating to apps and websites. Passkey enables your device to store private key information and use it to generate signatures that let you authenticate against a web server, resulting in a seamless and secure password-less sign-in experience.
Instead of relying on passwords or two-factor authentication codes, Passkey leverages Face ID or Touch ID to the best effect to let you verify your identity and sign in. Yeah, Passkeys (subject to the full implementation) have brought an end to passwords. That means you will no longer need to create passwords, spend your precious time managing your secret codes, and curse your memory for forgetting the passwords.
How do Passkeys Work?
Before getting to know how Passkeys work, let’s briefly look at how passwords function, as that helps in differentiating the two authentication methods.
Passwords are sent over the network and put through a hash function. The hash is then stored in the database. When you sign in, the hash is compared with the hash that’s available on the server. And they must match to allow a user access to the account. For additional security, passwords require you to verify your identity through two-factor (2-step) authentication.
Passkeys generate a unique pair of related keys: Public and Private keys. While the public key is stored on a web server, the private key is stored on your device.
Since the public key is basically a username, there is no need to worry about its security as it can’t be exploited like a copy of your password stored on a server. That’s also the reason why it is not kept secret.
As for the private key, it is stored on your device and never leaves it. Moreover, your private key is kept in the iCloud Keychain and remains locked in order to ward off tracking and phishing attacks. Neither you nor the server knows anything about the private key, which means there is no question of compromise or exploitation.
Now, when you go to sign in to your account, your Passkey generates a signature and sends it to the server to validate your identity. The server then validates your signature using the public key, which it already has, and allows access to your account. It not only eliminates the need for second-factor authentication through codes but also ensures your private key never leaves your device. And that’s exactly what makes Passkeys a better option than passwords.
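The sign-in flow described above, as an added example (not code from the original article or from Apple): a simplified Node.js model in which the server stores only the public key and checks a signature over a fresh challenge and the page origin. The names `Server`, `deviceSign`, `alice` and the `.test` origins are assumptions, and real WebAuthn also signs authenticator data alongside the client data.

```javascript
const crypto = require('node:crypto');
// Device side: the key pair is created on the device; only publicKey is sent out.
function createPasskey() {
  return crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
}

// Device side (simplified): sign the server's challenge plus the origin the browser is on.
function deviceSign(privateKey, challenge, origin) {
  const clientData = Buffer.from(JSON.stringify({
    type: 'webauthn.get', challenge: challenge.toString('base64url'), origin }));
  return { clientData, signature: crypto.sign('sha256', clientData, privateKey) };
}

// Server side: stores public keys and one outstanding challenge per user.
class Server {
  constructor(origin) { this.origin = origin; this.keys = new Map(); this.pending = new Map(); }
  register(user, publicKey) { this.keys.set(user, publicKey); }
  newChallenge(user) {
    const challenge = crypto.randomBytes(32);
    this.pending.set(user, challenge.toString('base64url'));
    return challenge;
  }
  verify(user, { clientData, signature }) {
    const expected = this.pending.get(user);
    this.pending.delete(user);                       // single use: a replay finds nothing
    const publicKey = this.keys.get(user);
    if (!expected || !publicKey) return false;
    let data;
    try { data = JSON.parse(clientData.toString()); } catch { return false; }
    // The assertion must answer the challenge this server just issued.
    if (data.type !== 'webauthn.get' || data.challenge !== expected) return false;
    if (data.origin !== this.origin) return false;   // signed while on another site
    return crypto.verify('sha256', clientData, publicKey, signature);
  }
}

// Constructed scenario: the origins, the user and the second key pair are made up.
function demo() {
  const server = new Server('https://example.test');
  const device = createPasskey();
  server.register('alice', device.publicKey);
  const good = deviceSign(device.privateKey, server.newChallenge('alice'), server.origin);
  const ok = server.verify('alice', good);
  const replay = server.verify('alice', good);
  const offSite = server.verify('alice',
    deviceSign(device.privateKey, server.newChallenge('alice'), 'https://other.test'));
  const wrongKey = server.verify('alice',
    deviceSign(createPasskey().privateKey, server.newChallenge('alice'), server.origin));
  return { ok, replay, offSite, wrongKey };
}
```

`demo()` returns `ok: true` for the genuine sign-in and `false` for the replayed assertion, the assertion signed on another origin, and the one signed with a different key.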
Why are Passkeys More Secure?
Passkeys rely on Bluetooth to work securely, unlike the two-factor authentication that uses Wi-Fi. With access to Bluetooth, Passkeys can both confirm close physical proximity and verify that it’s actually the user who is trying to sign in to the account.
Since Passkeys are always locked and never leave your device, hackers will need to have physical access to your device and must authenticate your identity using Face ID/Touch ID to unlock it in order to break into your account. That’s one heck of a challenge, isn’t it? Let alone others, even you will never know your Passkey. If that’s not enough, Passkeys are also shielded by robust end-to-end encryption to further cut down any possible foul play.
In contrast, passwords are stored on a server and heavily depend on two-factor authentication codes for secure sign-in. In an age where sensational website leaks have become the order of the day and verification codes are always under threat, it’s high time we said goodbye to both passwords and 2FA.
How to Create a Passkey on iPhone
Creating a Passkey on iPhone is extremely easy. Basically, websites that support Passkeys will automatically show a prompt asking you if you want to save a Passkey for signing in to them. Here’s the process that you’ll follow in order to create a Passkey on your iPhone.
When you’re registering on a website that has added support for Passkeys, you will get a popup such as “Do you want to save a passkey for
Tap on ‘Continue’ and authenticate using Face ID/Touch ID to save your Passkey to your keychain.
Since Passkeys work in sync with iCloud Keychain, ensure that you have enabled the built-in password manager.
Go to the Settings app on your iPhone. After that, tap on your profile and choose iCloud.
Now, tap Passwords and Keychain, and then make sure the toggle for Sync with this iPhone/iPad is turned on.
How to Create a Passkey on Mac
Setting up a Passkey on Mac is just as easy.
Navigate to the site/app where you want to use Passkey and then register your account as usual.
Now, you will get a popup asking you whether you want to save a Passkey. Click Continue with Touch ID and authenticate. Note that if your Mac does not support Touch ID or if you don’t use it, you will need to authenticate using your administrator password. Do it and your Passkey will be ready for this site.
How to Use Passkeys on iPhone
Once you have created your Passkeys, you can use them with ease.
Navigate to the app or site where you want to sign in, and tap on the Sign In button. A popup will now show up from the bottom saying, “Do you want to sign in to ‘Site/App’s name’ with your saved passkey for ‘Username’”? Tap Continue. Authenticate with Face ID/Touch ID and you are all set!
How to Use Passkeys on Mac
Navigate to the app/site where you want to use a Passkey and click on ‘Sign In’.
Now, you will get a prompt to sign in using your Passkey. If you have set up Touch ID on your Mac, use it to authenticate your account.
If your Mac does not support Touch ID or you do not use it, click Other Sign-In Options.
Now, select the “Use passkey from a device with a camera” option.
Next, you will get a prompt to scan the QR code using your iPhone/iPad.
When you scan the code, you will get options for all the Passkeys saved in your iCloud keychain for that website. Simply pick the one you want, and tap ‘Continue’.
Authenticate using Face ID/Touch ID and that’s it. You will be signed in with your account on the website.
How Do Passkeys Work on Android and Windows Devices?
Recently, the FIDO Alliance announced that Apple, Google, and Microsoft have committed to supporting its new password-less authentication method named “FIDO Standard”. With Passkeys, Apple has already given a go-ahead to the passwordless sign-in. As FIDO Standard is also being implemented on Android (as recently announced at Google I/O 2022) and Windows devices, you will be able to use Passkeys on non-Apple devices as well.
That brings us back to the question of how Passkeys work on Android and Windows devices and, more importantly, whether or not they provide the same level of security on other platforms. Well, when you try to sign in to your account on other devices, you are prompted to scan a QR code using your iPhone or iPad. After that, you are asked to authenticate your identity using Face ID/Touch ID to ensure it’s you who is attempting to log in to the account. In a nutshell, the process of using Passkey on Windows or Android is almost the same as it is on Mac without Touch ID.
A Look at Key Benefits and Limitations of Passkeys
Can You Use Passkeys in iOS 15 and macOS 12?
Yes – to a very limited extent. Even though macOS 12 and iOS 15 are also compatible with FIDO Standard, the previous method first requires you to sign in to each app and website on each of your devices before providing a passwordless login experience, which doesn’t feel all that seamless in practice.
How Do Passkeys Sync with Other Devices?
Passkeys sync across Apple devices linked with the same account through iCloud Keychain. Hence, so long as you are signed in to your devices with the same iCloud account, all your Passkeys will be available everywhere for you to use.
How Do You Share Passkeys with Others?
You can share your Passkeys just the way you share your passwords, using AirDrop. Considering Passkeys are also stored inside iCloud Keychain, you can easily keep track of them and share them with ease. Simply head over to the Passkey you want to share (inside the Keychain entries) -> tap the share button -> tap the nearby device, and you are pretty much done.
What If You Can’t Authenticate Your Passkey Using Face ID/Touch ID?
Whether you do not have physical access to your device or you can’t authenticate your passkey using Face ID/Touch ID, you can verify your identity using other sign-in options such as a password.
Will Password Managers Be Also Dead?
Now that passwords are seemingly dead, will password managers also become useless? To keep up with the times, leading password managers have already announced support for FIDO Standard. So, you can expect them to let you manage and use all your Passkeys more conveniently. It will be interesting, though, to see how they transition to this new role and whether or not they remain as relevant as they are today.
When Will Passkeys Be Fully Implemented?
Now that Apple has handed over the Web Authentication API to developers, it entirely depends on them to make their apps and websites compatible with the passwordless sign-in method. Just like any other new technology, it will take some time to get implemented across the board. Hopefully, Passkeys’ implementation goes much faster than that of Dark Mode (introduced in iOS 13) which is not yet supported on all websites.
Sign In Faster and More Securely Using Passkeys
Dealing with passwords is a pain, and Passkeys may be the way out of the mess. Since Passkeys are going to work across Apple devices, as well as with Windows and Android devices, there’s a high chance that we might get rid of annoying passwords once and for all. Google is expected to roll out support for Passkeys within the year, and since Passkeys are based on FIDO authentication, they should be pretty much standard across the web and your devices. So, what do you think about the new password-less future? Let us know in the comments.