A password-less future could be even more convenient, thanks to the latest addition to the FIDO standard – which Apple brands as Passkeys in iCloud Keychain.
The proposal means that you could automatically log in to a secure website, for example, simply by having a second Apple device with you …
Background
Apple gave its backing to FIDO (Fast IDentity Online) back in 2020, and last year announced that testing was underway. The company calls its own implementation Passkeys in iCloud Keychain, but it is simply FIDO by another name.
We’ve previously explained how FIDO will work:
The Fido Alliance proposal is that trusted devices should replace passwords. This would work much the same way as Apple’s two-factor authentication (2FA) using Apple devices. When you try to sign in to a new Apple device with your Apple ID, the company sends a code to a trusted device and you enter that code.
With the Apple system, this is an additional step, but what the Fido Alliance wants is for a similar approach to this to replace passwords – and you wouldn’t need to enter a code.
For example, if you try to login to a website on your iPhone, you would enter only your username and it would then send an authentication request to one of your other registered devices, such as an Apple Watch. You could simply tap to authorize. Similarly, when accessing a service on your Mac, you would be able to approve it on your iPhone – and so on.
Passkeys in iCloud Keychain enhancement
While tapping your Watch or iPhone to authorize a login is already way better than having to enter a password, Wired reports that the latest proposal wants to eliminate even that much effort.
FIDO’s white paper also includes another component, a proposed addition to its specification that would allow one of your existing devices, like your laptop, to act as a hardware token itself, similar to stand-alone Bluetooth authentication dongles, and provide physical authentication over Bluetooth. The idea is that this would still be virtually phish-proof since Bluetooth is a proximity-based protocol.
In other words, this would work in exactly the same way as when your Apple Watch unlocks your Mac or iPhone, or your iPhone unlocks your Watch. You don’t need any additional verification, because you have already confirmed your identity by unlocking the first device.
So when you go to log in to a website on your Mac, for example, it would check that your iPhone or Apple Watch is within Bluetooth range, and – if so – go ahead and let you in without any action on your part.
It’s just a proposal at this stage, so we’ll have to wait and see whether it is agreed.
Photo: Michał Kubalczyk/Unsplash
FTC: We use income earning auto affiliate links. More.
Comments