Skip to main content

Passkeys in iCloud Keychain could make automatic website login even easier

A password-less future could be even more convenient, thanks to the latest addition to the FIDO standard – which Apple brands as Passkeys in iCloud Keychain.

The proposal means that you could automatically log in to a secure website, for example, simply by having a second Apple device with you …

Background

Apple gave its backing to FIDO (Fast IDentity Online) back in 2020, and last year announced that testing was underway. The company calls its own implementation Passkeys in iCloud Keychain, but it is simply FIDO by another name.

We’ve previously explained how FIDO will work:

The Fido Alliance proposal is that trusted devices should replace passwords. This would work much the same way as Apple’s two-factor authentication (2FA) using Apple devices. When you try to sign in to a new Apple device with your Apple ID, the company sends a code to a trusted device and you enter that code.

With the Apple system, this is an additional step, but what the Fido Alliance wants is for a similar approach to this to replace passwords – and you wouldn’t need to enter a code.

For example, if you try to login to a website on your iPhone, you would enter only your username and it would then send an authentication request to one of your other registered devices, such as an Apple Watch. You could simply tap to authorize. Similarly, when accessing a service on your Mac, you would be able to approve it on your iPhone – and so on.

Passkeys in iCloud Keychain enhancement

While tapping your Watch or iPhone to authorize a login is already way better than having to enter a password, Wired reports that the latest proposal wants to eliminate even that much effort.

FIDO’s white paper also includes another component, a proposed addition to its specification that would allow one of your existing devices, like your laptop, to act as a hardware token itself, similar to stand-alone Bluetooth authentication dongles, and provide physical authentication over Bluetooth. The idea is that this would still be virtually phish-proof since Bluetooth is a proximity-based protocol.

In other words, this would work in exactly the same way as when your Apple Watch unlocks your Mac or iPhone, or your iPhone unlocks your Watch. You don’t need any additional verification, because you have already confirmed your identity by unlocking the first device.

So when you go to log in to a website on your Mac, for example, it would check that your iPhone or Apple Watch is within Bluetooth range, and – if so – go ahead and let you in without any action on your part.

It’s just a proposal at this stage, so we’ll have to wait and see whether it is agreed.

Photo: Michał Kubalczyk/Unsplash

FTC: We use income earning auto affiliate links. More.

You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Comments

Author

Avatar for Ben Lovejoy Ben Lovejoy

Ben Lovejoy is a British technology writer and EU Editor for 9to5Mac. He’s known for his op-eds and diary pieces, exploring his experience of Apple products over time, for a more rounded review. He also writes fiction, with two technothriller novels, a couple of SF shorts and a rom-com!


Ben Lovejoy's favorite gear

Manage push notifications

notification icon
We would like to show you notifications for the latest news and updates.
notification icon
You are subscribed to notifications
notification icon
We would like to show you notifications for the latest news and updates.
notification icon
You are subscribed to notifications