We know the problems with passwords: they’re easy for you to forget and easy for hackers to guess or brute force or download from public data leak. That’s why tech companies are rushing to replace them with something more secure, which in most cases means the biometrics you use to unlock your phone.
While it is not technically impossible for a determined third party to circumvent a security measure, you cannot mistakenly type your fingerprint into a fake banking website, and you are unlikely to find your face available for download. on the dark web. The risk of being hacked decreases considerably.
There are several approaches to making systems passwordless, and in the latest iOS 16 and iOS 16.1 updates, a technology called passkeys has been added. These access keys are cryptographic items that involve a pair of keys: one key is public, saved with the application or site you connect to, and the other key is private and stored on your devices.
This is by no means an exclusive approach to Apple devices, and just about everyone is getting on board with passkey technology (or something like that). Google is at a slightly different stage of implementing these systems than Apple, although support is also required from apps and websites.
This article will walk you through the new features available on iPhone plus also explain what is coming to android phones.
G/O Media may receive a commission
Passkeys on iOS
When it comes to iOS, passkeys work through iCloud Keychain, so you must have this activated on your iPhone (to sync passwords and other data between devices). You must also use two-factor authentication for your Apple ID, which you absolutely must enable anyway if you haven’t already. Once you have completed these steps and installed the latest iOS software, you are ready for access keys.
To actually use Security Keys, you need to sign in to (or create a new account for) a service that supports Security Keys. The choice is quite limited at the moment, but apps such as PayPal, eBay and the Kayak travel app already offer a passkey option. When you create new accounts or sign in to existing accounts on an iPhone using these apps, you will be asked if you want to. to create a password.
All you have to do when the password prompt appears is faucet Continue (the other possibility, Record on another device, is used when using a public or shared device). You will be asked to provide Face ID or Touch ID confirmation, and once that is done, you are ready, your password is created. When you need to log in to this app in the future, you will need to confirm that you want to use a password and then use your face or fingerprint again.
Since iCloud Keychain manages the synchronization of access keys between different devices, you can recover your credentials if you lose access to one of them. There is also a recovery process in place to help you recover your information if you lose access to all your devices at once. In theory, at least the new system should be both more convenient and safer for end users.
Passkeys on Android
On Android, Google is slightly behind Apple with passkey support, but not by much. As on iOS, it will take some time before all your favorite apps, sites and digital services are upgraded to work with passkeys, but google says that Android and the Chrome web browser are now compatible with the feature in beta form. By the end of 2022, it should to arrive in the stable software that most of us use.
When it gets here, it will work the same as on iOS. Load up a password-ready app or website, try to sign in or create a new account, and you’ll see a prompt asking if you want to use a password. Say yes, confirm your identity using whatever technology your phone has to protect its lock screen (usually a fingerprint sensor if you’re on Android), and you’re good to go.
The connection will work in a very similar way. You can also sign in to apps and sites on other devices using passkeys and your Android phone: those apps and sites will display a QR code, which you can then scan on your smartphone. The same verification process is initiated, and when your phone has confirmed that you are who you claim to be, this will be communicated to the other device.
Google Password Manager is also adding support for passkeys, which means your encrypted logins will be synced wherever your Google Account is used. As is the case today, how often you need to verify your identity will depend on the app and the site: probably every time you open your banking app, for example, but not so much when you social media browsing.