In 2020, Apple joined FIDOa consortium that brings together major companies, gathered around the goal of developing and implementing alternatives to passwords, which are today the main method used for logins.
Although it was an advertisement expected for next yearApple announced the implementation of a system that replaces passwords with an authorization mechanism through trusted devices.
Apple’s solution to password insecurity
Passwords are a big security problem in an important part of digital platforms. Beyond the safeguards that can be taken from the operational base of these services, recent measurements have shown that by users, combinations such as 123456, “123456789”, “12345”, “qwerty” and “password” are among the most used passwords worldwide. Such predictable sequences represent a significant risk for the digital activity of any person.
The idea of replacing passwords with a more secure alternative has been around for years. Companies such as Amazon, Facebook, Google, Intel, Microsoft and Samsung, in addition to other companies that go beyond the purely technological sector, have also joined these efforts, through the aforementioned FIDO Alliance.
At the recent WWDC 2022, Apple’s Worldwide Developers Conference, the company announced that it will implement password-less login systems on Mac, iPhone, iPad, and Apple TV, around September of this year.
Instead of using the traditional alphanumeric passwords, this mechanism will allow you to log in to websites and applications using “Passkeys”, from devices with iOS 16 and macOS Ventura.
These “Passkeys” are single-use access keys, which are generated through devices linked to the Apple ID with which you intend to log in. To authorize the creation of these temporary access codes, it is necessary to validate the requests using the biometric identification mechanisms that Apple has in its devices: Touch ID or Face ID, as appropriate.
After the announcement, released at WWDC 2022 by Apple’s vice president of Internet technologies, Darin Adler, the company incorporated this new system into its support documentation.
With this announcement, Apple made official the first big tangible change in the purpose of removing passwords. As it is limited to latest generation devices, the transition to this system could be somewhat slow, depending also on the speed with which developers adopt this proposal in their portals or applications.
Another decisive factor in this transition will be how the rest of the industry adopts similar security measures, in order to massively validate this new dynamic.