Apple's Passkeys will help stop phishing attacks for good

Apple Passkeys
(Image credit: Apple)

Apple announced a new way to sign in to your online accounts with Passkey, and it will keep hackers at bay without the need for a password — and it works on non-Apple devices.  

During Apple's WWDC 2022 keynote, the Cupertino tech giant revealed a slew of new features arriving on macOS Ventura, with its biggest push towards security being the introduction of Passkeys. It allows users to create a unique digital key to log in to online accounts and apps using Touch ID or Face ID to authenticate their identity. Instead of a password, you're using a MacBook's biometrics instead.

It isn't just available on devices like the upcoming M2-powered MacBook Air 2022 and 13-inch MacBook Pro, but also on iPhone, iPad, and Apple TV. This further extends the ability to simply use fingerprint or face recognition across a number of websites and apps, leaving behind the use of complicated (or way too simple) passwords. What's more, Passkeys are synced across a user's Apple devices via iCloud Keychain. 

(Image credit: Apple)

Going passwordless 

This push for a common passwordless sign-in standard is in line with the FIDO Alliance as a way to protect against phishing attacks and malicious hacking methods. Phishing scams have seen a rise over the past few years, including a WhatsApp voicemail spoof stealing user credentials earlier this year. 

Hackers don't just track individuals either, as they can breach websites to access all passwords stored. In fact, a recent study found nearly 50% of passwords are stored in shared office documents in select IT, security, and cybersecurity companies. With Passkeys, however, the unique credentials stay on the device, and can only be accessed by the user.

This isn't the first we've heard of passwordless sign-ins. Google announced it will also be joining the transition from password-only authentication with a simple phone unlock. Coming to Android and Chrome, your smartphone will store a FIDO credential called a passkey, which is used to unlock your online account.

These passkeys work cross-platform, too. As Apple notes, "you can walk up to a non-Apple device and sign in to a website or app using just your iPhone." With Apple, Google, and Microsoft on board, passwords may very well be extinct soon. 

(Image credit: Apple)

Password manager LastPass is also now letting users log in to their LastPass vault without the need for a password via the LastPass Authenticator app. Passwords are clearly getting the boot, and we can see why as it only takes under 1 second for hackers to crack these passwords. We're interested to see how Passkeys will integrate into how we access accounts, especially if they put a stop to phishing attacks once and for all. 

Darragh Murphy
Editor

Darragh Murphy is fascinated by all things bizarre, which usually leads to assorted coverage varying from washing machines designed for AirPods to the mischievous world of cyberattacks. Whether it's connecting Scar from The Lion King to two-factor authentication or turning his love for gadgets into a fabricated rap battle from 8 Mile, he believes there’s always a quirky spin to be made. With a Master’s degree in Magazine Journalism from The University of Sheffield, along with short stints at Kerrang! and Exposed Magazine, Darragh started his career writing about the tech industry at Time Out Dubai and ShortList Dubai, covering everything from the latest iPhone models and Huawei laptops to massive Esports events in the Middle East. Now, he can be found proudly diving into gaming, gadgets, and letting readers know the joys of docking stations for Laptop Mag.