Apple is making you virtually unhackable with Passkeys — but there’s a catch (for now)

Apple Passkeys
(Image credit: Future)

Apple is bringing Passkeys to your Apple ID in iOS 17, iPadOS 17, and macOS Sonoma. This is a huge step forward for account security, and removes the need for a password altogether.

With the use of Face ID or Touch ID, you can now identify yourself quickly, securely, and easily to login to Apple’s own websites. This also works across devices too, meaning you can (like I've been able to, for example) activate a prompt to scan your face using your iPhone 14 Pro Max to login to an account on your M2 Pro MacBook Pro.

Announced back in 2022, this is the next logical step to a passwordless future, and with many companies rolling out Passkeys across their websites, this is another encouraging step towards that goal.

What is a Passkey?

Apple Passkeys

(Image credit: Apple)

Let’s get a quick explainer in here to catch everyone up. There’s been a lot of talk about Passkeys, but what are they?

In Apple’s own words, it’s a “cryptographic entity that’s not visible to you, and it’s used in place of a password.” In simpler terms, let’s look at the current login process of a website — a username and a password.

Somewhere on that site’s backend, this data will be stored, and no matter how protected it is, having all this private information in one place will make it susceptible to cyber attacks. Combine that with the common behavior of people using the same password across multiple attacks (please don’t do this), and hackers can gain access to a lot of your accounts.

A Passkey works differently. While there is one public key that is registered with the account you’re logging into, it will only be activated with a second key that is held privately on your devices only. This private relationship (or Key pair) forms an additional shield to outside attacks, and given these private keys never leave your device, there is no possibility of a website or app leak. 

It makes them virtually unhackable, and given these keys are not visible to you either, you don’t need to remember passwords.

What’s the catch?

iPhone 14 Pro concept

(Image credit: Twitter / Jeff Grossman)

It’s not so much a catch, as it is a “this is still only in beta” thing. It’s available to iOS 17, iPadOS 17, and macOS Sonoma users only, and present only on iCloud.com and appleid.apple.com at the moment.

If you are on these, you’ll see the prompt to “Sign in with iPhone,” which brings up a FaceID prompt on your phone to log straight in. In the future, you’ll see any website that uses the “Sign in with Apple” tool get this as well. On top of that, in my own testing, I saw the passkey prompt also appear in Google Chrome on my MacBook.

Given what we know about passkeys, this is going to be a fundamentally positive shift in security and convenience — there won’t be a need to remember a litany of passwords, or store them in a password-protected online vault that still faces the same risks of exploitation.

Outlook

Passkeys for your Apple ID are the future. There’s no doubt about that, and the public rollout in just a few months time is going to help vastly improve the security of your accounts.

Not to say they are completely impervious to cyber attacks. With Passkeys, every one of the sites that utilize them will have separate login credentials — meaning that hackers will be very busy having to steal all of your different keys, rather than attacking a weaker site to take one password and trying it across the board.

If you’re on any of the developer betas, you can try it out now on Apple’s own websites, which preludes a public rollout when iOS 17 formally launches alongside the iPhone 15 in September (most probably).

Jason England
Content Editor

Jason brought a decade of tech and gaming journalism experience to his role as a writer at Laptop Mag, and he is now the Managing Editor of Computing at Tom's Guide. He takes a particular interest in writing articles and creating videos about laptops, headphones and games. He has previously written for Kotaku, Stuff and BBC Science Focus. In his spare time, you'll find Jason looking for good dogs to pet or thinking about eating pizza if he isn't already.

Read more
Punk Pop-Art, scrapbook-styled image of a hand holding an iPhone 17 while activating the new Siri mode on a colorful background that includes a Siri-like waveform.
It debuted this year, but Apple Intelligence has 2 giant advantages to triumph in 2025
WWDC 2025 could mark the beginning of the end for certain iPhone users
The iPhone 6s home button
The iPhone 16e didn't kill the home button, it just anointed a new one
Images of Apple Intelligence from Apple September 2024 event
3 huge new Siri features are coming in early 2025 — here's what to expect
Apple micro-LED screens
Everything we're excited to see from Apple in 2025: New MacBooks, iPhones, iPads, and more
Ubar Taskbar App displayed on a 13-inch MacBook Air M3 open facing the camera on a wooden table
This hidden macOS Sequoia trick fixes one of your MacBook's most persistent quirks
Latest in Antivirus & Cyber-security
TP-Link routers targeted by Chinese state-sponsored cyber attacks
TP-Link routers may face nationwide ban after 'significantly alarming' link to US cyberattacks
What is a VPN kill switch — and why you should use one
You need a VPN for school, here are 3 services we recommend
The AMD Ryzen and NVIDIA RTX stickers on the Acer Nitro 17
'You basically have to throw your computer away': Researchers explain AMD 'Sinkclose' vulnerability, but do you need to worry?
Google Search
This malware is posing as Google Authenticator using Google ads — here's how to protect yourself
Windows 10 BSOD saying "It's not you, it's me."
Microsoft reveals CrowdStrike outage could have a surprising long-term impact on everyday users
MANILA, PHILIPPINES - JULY 19: Long queues of passengers form at the check-in counters at Ninoy Aquino International Airport, amid a global IT disruption caused by a Microsoft outage and a Crowdstrike IT problem, on July 19, 2024 in Manila, Philippines. A significant global outage affecting Microsoft services, particularly Microsoft 365, has caused widespread disruptions across various sectors, including airlines, banks, and health systems. The outage was attributed to a glitch in CrowdStrike's "Falcon Sensor" software, which impacted Windows systems, leading to thousands of flight cancellations and operational chaos in multiple industries. Microsoft has reported that the underlying cause of the outage has been fixed, but residual effects continue to impact some users as the company works on full recovery. (Photo by Ezra Acayan/Getty Images)
The CrowdStrike outage spotlights major vulnerabilities in the global information ecosystem
Latest in News
A close-up of a light-colored computer keyboard shows the keys T, Y, G, and H replaced by the logos of OpenAI, DeepSeek, Grok, and Gemini, the leading competitors in the artificial intelligence market. This serves as a visual metaphor for the intense rivalry and innovation in the AI industry. (Photo by Matteo Della Torre/NurPhoto via Getty Images)
Is generative AI inadvertently reducing the voices of many to the banality of one?
WWDC 2025 could mark the beginning of the end for certain iPhone users
Error when installing Google Chrome on the Asus Vivobook 16 Flip, on a white desk against a blue background.
"This app can't run on your PC": Google's Chrome Installer broke on Windows, but there's a fix
Nintendo Switch 2 handheld gaming console
Nintendo Switch 2 preorder date: It might be a lot closer than you think, say tipsters
Microsoft Surface Laptop (7th Edition, 2024)
Windows-on-Arm woes: Amazon warns customers about Surface laptop returns
Apple Watch Series 8
Siri is the biggest obstacle to making the Apple Watch an AI hit