In a bid to eradicate the need for passwords, Apple is finally embracing the FIDO Alliance’s WebAuthn protocol to develop what it is calling “Passkeys in iCloud Keychain”.
At the recently concluded WWDC, Apple highlighted this new authentication technology and stated that its primary purpose is to help users sign in to supported apps and websites using Face ID or Touch ID. With this technology, you will no longer need to enter a password to sign up or sign in.
Apple will be doing this with the help of passkeys. Passkeys are WebAuthn credentials that let users log in to apps using biometric means such as Face ID and Touch ID on their iPhones, Macs, and iPads. These passkeys are end-to-end encrypted and will be stored in iCloud Keychain.
According to Apple, passkeys use public/private key pairs, so servers do not need to store authentication secrets.
So how will it work? When you sign up for a new account using passkeys, you will need to specify a username. Instead of asking for a password, your Apple device will suggest saving a passkey for your account. This step requires you to authenticate with Face ID, and your account is then created without a password that you might end up forgetting.
This passkey will be stored in the iCloud Keychain. You will then be able to sign in to the app by authenticating with Face ID. Passkeys will also work on the web for Apple devices across all browsers on supported sites.
None of this would be possible without the underlying authentication technology, which is an iCloud Keychain-backed WebAuthn implementation. Apple says that passkeys in macOS Monterey and iOS 15 are only meant for testing and not for production accounts as of now.
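
The sign-up and sign-in flow described above can be modelled in a few lines. This is an added example for Node.js, not Apple's code and not the real WebAuthn message format (no CBOR, attestation or biometric step); `createAuthenticator`, `createServer`, `demo` and the sample origins are hypothetical names chosen for illustration. It shows that the server keeps only a public key, and that a signature is accepted once, for the expected origin only.

```javascript
const crypto = require("crypto");

// Device side (hypothetical stand-in for the authenticator): the private key
// stays inside this closure; only the public key is exported.
function createAuthenticator() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync("ec", { namedCurve: "P-256" });
  return {
    publicKeyPem: publicKey.export({ type: "spki", format: "pem" }),
    // Sign the server's challenge together with the origin the client sees.
    sign: (challenge, origin) =>
      crypto.sign("sha256", Buffer.from(`${origin}|${challenge}`), privateKey),
  };
}

// Server side: holds usernames, public keys and one pending challenge per user.
function createServer(origin) {
  const users = new Map();   // username -> public key (PEM)
  const pending = new Map(); // username -> unused challenge
  return {
    register: (username, publicKeyPem) => users.set(username, publicKeyPem),
    newChallenge(username) {
      const challenge = crypto.randomBytes(32).toString("hex");
      pending.set(username, challenge);
      return challenge;
    },
    verify(username, signature) {
      const challenge = pending.get(username);
      pending.delete(username); // single use, so a captured signature cannot be replayed
      const pem = users.get(username);
      if (!challenge || !pem) return false;
      return crypto.verify("sha256", Buffer.from(`${origin}|${challenge}`), pem, signature);
    },
    storedKeys: () => [...users.values()],
  };
}

// Constructed scenario: origins and the username are sample values.
function demo() {
  const server = createServer("https://app.example");
  const device = createAuthenticator();
  server.register("alice", device.publicKeyPem);
  const sig = device.sign(server.newChallenge("alice"), "https://app.example");
  const signIn = server.verify("alice", sig);
  const replay = server.verify("alice", sig); // challenge already consumed
  const other = device.sign(server.newChallenge("alice"), "https://other.example");
  const wrongOrigin = server.verify("alice", other);
  const serverHoldsSecret = server.storedKeys().some((k) => k.includes("PRIVATE KEY"));
  return { signIn, replay, wrongOrigin, serverHoldsSecret };
}
console.log(demo());
```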