What are passwords and how to use them on iPhone, iPad and Mac

With rampant attacks and cybersecurity threats in today’s digital age, it’s more important than ever to use strong passwords. But even if you use the strongest password, you are still susceptible to data leaks and attacks.

That’s why Apple plans to drop passwords in iOS 16 and macOS Ventura. Instead of passwords, you only need your fingerprint or face to authenticate you when you log in.

Below, I’ll cover everything you need to know about the Apple passkey, including how it works, which devices support it, and more.

What are Apple passwords and how will they replace passwords?

At WWDC 2022, Apple announced that it is working with the FIDO Alliance developers and industry partners such as Microsoft and Google to move towards a password-free future. As reported at the conference, both macOS Ventura and iOS 16 will have access keys.

Passkeys are unique digital keys or credentials that use biometric data – your Touch ID or Face ID – for a more convenient and secure login.

It works much the same way you sign in using your iCloud Keychain. You simply choose your credentials and authenticate with Face ID or Touch ID – no username or password required.

This security feature uses iCloud Keychain to sync across all your Apple devices so you can access your accounts from any device. Not only that, you can also use it with third party devices in close proximity.

Which devices will support passwords?

You can use Apple passkeys on Mac, iPhone, and iPad. You just need to sign in with your Touch ID or Face ID.

Passkeys can also be used on Apple TV and third-party devices by simply generating a QR code that can be authenticated with an Apple device.

Where can passwords be used?

For now, app and website developers need to add support for the FIDO standard before you can use Apple passwords to access them. This is unlikely to happen anytime soon, and it may take longer for third-party apps to roll out this feature.

How to Use Apple Passkeys on Your iPhone, iPad, or Mac

Creating and using passwords is very easy. First things first: make sure iCloud Keychain is enabled. If you already have iCloud Keychain on your device, you’re all set. If not, you need to enable iCloud Keychain first.

How to set up Apple passwords

You then need to set up passwords the first time you access an application or website that supports the FIDO standard. First, you will be prompted to register or create an account.

  1. Tap the “Register”or “Register”button. Enter your credentials, possibly your email account, your Apple ID, or username.
  2. You will be prompted to authenticate with Face ID or Touch ID.
  3. Your password has been created.

How to use Apple passwords to sign in

The next time you sign in to a website or app, you’ll be shown a prompt asking if you want to sign in using the saved password on your device. After you click Continue, your device will need your biometrics for authentication.

Use passwords on a non-Apple device

You no longer have to worry about accessing your accounts on third party devices, which is a problem for many users. You also don’t need to export your iCloud Keychain passwords to another location, because Apple passkeys promise convenient cross-platform work?

Keep in mind that the FIDO standard will apply to other platforms as well, including Google and Windows. That being said, you have a way to sign in on a device that doesn’t belong to you or doesn’t belong to Apple.

The catch with Apple passkeys is that you will need your Apple device to use this feature. So while you can sign in using a non-Apple device, your Apple device must be in close proximity, simply because this process will require a Bluetooth connection.

To use passwords on a non-Apple device:

  1. Log in to the website or app.
  2. Just select “More login options”and then generate a QR code.
  3. Scan this QR code with your device and authenticate with Face ID or Touch ID.

Notably, sending a photo of a QR code and scanning it with an Apple device when you’re away won’t work. Also, if you’re using another Apple device that doesn’t belong to you, you have the option to share a passkey via AirDrop.

Apple Password Security

Apple devices are generally well protected. However, you can still fall victim to social engineering and phishing attacks. Hackers can also directly hack into websites and gain access to all the passwords stored on their servers.

Apple Access Keys includes a Web Authentication API (WebAuthn) for a much stronger security measure. Authentication relies on a person’s biometric data to authorize using a “key”stored on the user’s device to access a website or application.

This process eliminates the need for one-time passwords (OTPs) sent via SMS, which can be easily forged by skilled hackers. According to Apple’s password support page, whenever you register for an account, your device will generate a unique cryptographic key pair that will be associated with each account you register on this site or app.

This key pair consists of a public key stored on the server and a private key stored on the person’s device—in the case of Apple devices, in the iCloud keychain, invisible to the user. Using WebAuthn, the user must prove to the server that they have the private key.

They need to use their Touch ID or Face ID to authorize the use of a passkey stored on their device. If the private key matches the public key stored on the server, the user is allowed access to the system. Phishing attacks are not possible with WebAuthn because your device will verify the site’s public key and cannot be tricked into sharing your password on a fake website.

Data leaks are also impossible because the server does not store the person’s password. This is different from traditional security measures where the server has both your username and password, and gives you access to the system when you show it the same key (i.e. enter your password).

How to recover your Apple password if you lose your device

As mentioned, the trick with using Apple passwords is that you need your Apple device to authenticate access to websites and apps. But what happens when you lose your device?

If you lose one of your devices, you can still access them through your remaining devices because your passwords are synced across your Apple devices.

However, let’s assume that you have lost all associated devices. In that case, you can still recover your access keys using iCloud Keychain Escrow, a secure infrastructure that prevents unauthorized users, even Apple itself, from brute-force attacks.

You’ll need your iCloud account, password, and your chosen phone number to which Apple will send the SMS. You will then need to enter your iCloud security code and authenticate using your device’s passcode.

Please note that you have a maximum of 10 attempts to authenticate and receive an escrow record. After a failed attempt, your escrow record and key fob will be destroyed and lost forever.

You can also set up an account recovery contact so you always have a way to access your account even if you forget your device password and Apple ID password.

Apple password release date

Apple first introduced passkeys as part of the macOS Ventura announcement at WWDC 2022. They are now available to developers on the Apple Developer website. However, it will be publicly deployed on iOS 16, iPad OS 16, and macOS Ventura in the fall.

If you’re worried about your security, you can check out our tips on how to keep your iPhone safe and secure while you wait for passwords to run.

Completion…

While using passwords seems complicated on pen and paper, it’s actually as easy as using Touch ID or Apple ID to sign in to a website or app. Only, it’s made much safer and more secure for you from the back end. What do you think about access keys? Share your thoughts below!

CDN CTB