How does the “passkey”, this authentication system that will bury passwords, work?

Thanks to Apple’s new iOS 16 update, it will soon be enough to unlock your screen to connect to any site and application. An innovation that should soon be generalized.

Is the end of forgotten or stolen passwords near? Apple today launched “passkeys”, a new identification system that should make the use of cryptic passwords to secure accounts a thing of the past, as part of its new operating system iOS 16, released this Monday September 12. A new macOS version will bring this feature to Apple computers from October.

Concretely, logging in anywhere will be as simple as unlocking your screen: each site that supports “passkeys” will ask users whether they want to use them to authenticate. You will then have to use the phone's usual unlocking method (PIN code, pattern, fingerprint or facial recognition) to validate the connection, explains the Fast Identity Online Alliance (FIDO Alliance), which is behind this process.

The device will then create a pair of cryptographic keys: one private, which remains on the device, and the other public, which is stored by the site. Each time you visit the site, it will identify the device and pose a cryptographic problem, and again it will be enough to unlock your device to solve it.
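The exchange described above can be sketched as follows. This is an added example, not code from Apple or the FIDO Alliance; it is a simplified model rather than the WebAuthn message format, and the `Device` and `Site` classes, the user `alice` and the site `example.test` are hypothetical names.

```javascript
// Added illustration: simplified passkey-style challenge-response (not WebAuthn itself).
const crypto = require('node:crypto');

// Device side: the private key never leaves this object (hypothetical class).
class Device {
  constructor() { this.keys = new Map(); }            // site name -> private key
  register(site) {
    const { publicKey, privateKey } =
      crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
    this.keys.set(site, privateKey);
    return publicKey.export({ type: 'spki', format: 'pem' }); // only this goes to the site
  }
  // Signs the site's challenge, but only after the local screen unlock succeeded.
  answer(site, challenge, userUnlocked) {
    if (!userUnlocked) throw new Error('device locked');
    const key = this.keys.get(site);
    if (!key) throw new Error('no passkey for ' + site);
    return crypto.sign('sha256', challenge, key);
  }
}

// Site side: stores public keys only and issues one-time random challenges.
class Site {
  constructor(name) { this.name = name; this.publicKeys = new Map(); this.pending = new Map(); }
  enroll(user, publicKeyPem) { this.publicKeys.set(user, publicKeyPem); }
  newChallenge(user) {
    const challenge = crypto.randomBytes(32);
    this.pending.set(user, challenge);
    return challenge;
  }
  verify(user, signature) {
    const challenge = this.pending.get(user);
    const pem = this.publicKeys.get(user);
    this.pending.delete(user);                         // single use: a replayed answer fails
    if (!challenge || !pem) return false;
    return crypto.verify('sha256', challenge, pem, signature);
  }
}

// Constructed walk-through: register once, log in, then replay the same signature.
function demo() {
  const device = new Device(), site = new Site('example.test');
  site.enroll('alice', device.register(site.name));
  const sig = device.answer(site.name, site.newChallenge('alice'), true);
  const firstLogin = site.verify('alice', sig);
  const replayNoChallenge = site.verify('alice', sig);  // challenge already consumed
  site.newChallenge('alice');
  const replayNewChallenge = site.verify('alice', sig); // old signature, fresh challenge
  return { firstLogin, replayNoChallenge, replayNewChallenge };
}
```

The site never holds anything that can be used to log in elsewhere: a leak of its stored public keys does not let anyone answer a challenge.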

A system that should be generalized in 2023

This system has many advantages: it puts an end to overly simple passwords, the difficulty of coming up with new ones that are complex enough, and repeated forgetting. Above all, it ends the reuse of the same password across platforms, a behavior that facilitates hacking.

Passkeys are the centerpiece of a new identification system developed by the FIDO Alliance and the World Wide Web Consortium. Apple, Google and Microsoft agreed in May to adopt this system, which should allow Internet users to identify themselves on websites and mobile applications “without a password and securely, whatever the device or operating system”, according to the FIDO Alliance in a statement.

At the time, Google and Microsoft had also committed to implementing “passkeys” within twelve months on all their products, operating systems (Android, Windows) as well as browsers (Chrome, Edge). Each device will have different “passkeys”, so you will have to scan a QR code with the registered device to connect from another. Websites and other applications that require the creation of an account will have to choose whether or not to offer this service to Internet users.

What if the phone is lost or stolen? The keys are stored in the cloud, but without a device from the same ecosystem (Apple or Windows), it will be impossible to recover them, explains Le Monde. Andrew Shikiar, the executive director of the FIDO Alliance, interviewed by the daily, explains that the complete copying of keys from one ecosystem to another is the subject of “a very active discussion at the moment”.
