Apple is bringing Passkeys to your Apple ID in iOS 17, iPadOS 17, and macOS Sonoma. This is a huge step forward for account security, and removes the need for a password altogether.
With the use of Face ID or Touch ID, you can now identify yourself quickly, securely, and easily to login to Apple’s own websites. This also works across devices too, meaning you can (like I've been able to, for example) activate a prompt to scan your face using your iPhone 14 Pro Max to login to an account on your M2 Pro MacBook Pro.
Announced back in 2022, this is the next logical step to a passwordless future, and with many companies rolling out Passkeys across their websites, this is another encouraging step towards that goal.
What is a Passkey?
Let’s get a quick explainer in here to catch everyone up. There’s been a lot of talk about Passkeys, but what are they?
In Apple’s own words, it’s a “cryptographic entity that’s not visible to you, and it’s used in place of a password.” In simpler terms, let’s look at the current login process of a website — a username and a password.
Somewhere on that site’s backend, this data will be stored, and no matter how protected it is, having all this private information in one place will make it susceptible to cyber attacks. Combine that with the common behavior of people using the same password across multiple attacks (please don’t do this), and hackers can gain access to a lot of your accounts.
A Passkey works differently. While there is one public key that is registered with the account you’re logging into, it will only be activated with a second key that is held privately on your devices only. This private relationship (or Key pair) forms an additional shield to outside attacks, and given these private keys never leave your device, there is no possibility of a website or app leak.
It makes them virtually unhackable, and given these keys are not visible to you either, you don’t need to remember passwords.
What’s the catch?
It’s not so much a catch, as it is a “this is still only in beta” thing. It’s available to iOS 17, iPadOS 17, and macOS Sonoma users only, and present only on iCloud.com and appleid.apple.com at the moment.
If you are on these, you’ll see the prompt to “Sign in with iPhone,” which brings up a FaceID prompt on your phone to log straight in. In the future, you’ll see any website that uses the “Sign in with Apple” tool get this as well. On top of that, in my own testing, I saw the passkey prompt also appear in Google Chrome on my MacBook.
Given what we know about passkeys, this is going to be a fundamentally positive shift in security and convenience — there won’t be a need to remember a litany of passwords, or store them in a password-protected online vault that still faces the same risks of exploitation.
Outlook
Passkeys for your Apple ID are the future. There’s no doubt about that, and the public rollout in just a few months time is going to help vastly improve the security of your accounts.
Not to say they are completely impervious to cyber attacks. With Passkeys, every one of the sites that utilize them will have separate login credentials — meaning that hackers will be very busy having to steal all of your different keys, rather than attacking a weaker site to take one password and trying it across the board.
If you’re on any of the developer betas, you can try it out now on Apple’s own websites, which preludes a public rollout when iOS 17 formally launches alongside the iPhone 15 in September (most probably).