{"id":19280,"date":"2022-06-07T10:45:40","date_gmt":"2022-06-07T18:45:40","guid":{"rendered":"https:\/\/www.palada.net\/index.php\/2022\/06\/07\/news-13013\/"},"modified":"2022-06-07T10:45:40","modified_gmt":"2022-06-07T18:45:40","slug":"news-13013","status":"publish","type":"post","link":"https:\/\/www.palada.net\/index.php\/2022\/06\/07\/news-13013\/","title":{"rendered":"Apple Just Killed the Password\u2014for Real This Time"},"content":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/media.wired.com\/photos\/629f69b6e2f439bf18df71e2\/master\/pass\/Apple-Killed-the-Password-Security-GettyImages-1371479120.jpg\"\/><\/p>\n<p><strong>Credit to Author: Matt Burgess| Date: Tue, 07 Jun 2022 15:10:14 +0000<\/strong><\/p>\n<p class=\"BylineWrapper-iiTsTb hAGfXd byline bylines__byline\" data-testid=\"BylineWrapper\" itemprop=\"author\" itemtype=\"http:\/\/schema.org\/Person\"><span itemprop=\"name\" class=\"BylineNamesWrapper-dbkCxf erRIa-D\"><span data-testid=\"BylineName\" class=\"BylineName-cKXFOb UCAzg byline__name\"><a class=\"BaseWrap-sc-TURhJ BaseText-fFzBQt BaseLink-gZQqBA BylineLink-eZnyPI eTiIvU mEZDb fNdcwQ bKZMMS byline__name-link button\" href=\"\/author\/matt-burgess\">Matt Burgess<\/a><\/span><\/span><\/p>\n<p><span class=\"lead-in-text-callout\">Your passwords are<\/span> terrible. 
<a data-offer-url=\"https:\/\/nordpass.com\/most-common-passwords-list\/\" class=\"external-link\" data-event-click=\"{&quot;element&quot;:&quot;ExternalLink&quot;,&quot;outgoingURL&quot;:&quot;https:\/\/nordpass.com\/most-common-passwords-list\/&quot;}\" href=\"https:\/\/nordpass.com\/most-common-passwords-list\/\" rel=\"nofollow noopener\" target=\"_blank\">Year<\/a> <a data-offer-url=\"https:\/\/nordpass.com\/json-data\/top-worst-passwords\/pdfs\/worst-passwords-2020.pdf\" class=\"external-link\" data-event-click=\"{&quot;element&quot;:&quot;ExternalLink&quot;,&quot;outgoingURL&quot;:&quot;https:\/\/nordpass.com\/json-data\/top-worst-passwords\/pdfs\/worst-passwords-2020.pdf&quot;}\" href=\"https:\/\/nordpass.com\/json-data\/top-worst-passwords\/pdfs\/worst-passwords-2020.pdf\" rel=\"nofollow noopener\" target=\"_blank\">after<\/a> <a data-offer-url=\"https:\/\/nordpass.com\/blog\/top-worst-passwords-2019\/\" class=\"external-link\" data-event-click=\"{&quot;element&quot;:&quot;ExternalLink&quot;,&quot;outgoingURL&quot;:&quot;https:\/\/nordpass.com\/blog\/top-worst-passwords-2019\/&quot;}\" href=\"https:\/\/nordpass.com\/blog\/top-worst-passwords-2019\/\" rel=\"nofollow noopener\" target=\"_blank\">year<\/a>, the most popular passwords leaked in data breaches are 123456, 123456789, and 12345\u2014\u2018qwerty\u2019 and \u2018password\u2019 come close behind\u2014and using these weak passwords leaves you vulnerable to <a href=\"https:\/\/www.wired.com\/story\/what-is-credential-stuffing\/\">all sorts<\/a> <a href=\"https:\/\/www.wired.com\/story\/how-to-prevent-getting-hacked\/\">of hacking<\/a>. Weak and repeated passwords are one of the most significant risks to your online life.<\/p>\n<p class=\"paywall\">For years, we\u2019ve been promised a more secure, password-free future, but it seems like 2022 will <em>actually<\/em> be the year that millions of people start to move away from passwords. 
At <a href=\"https:\/\/www.wired.com\/story\/wwdc-2022-everything-apple-announced\/\">Apple\u2019s Worldwide Developer Conference<\/a> yesterday, the company announced it will launch passwordless logins across Macs, iPhones, iPads, and Apple TVs around September of this year. Instead of using passwords, you will be able to log in to websites and apps using \u201cPasskeys\u201d with <a href=\"https:\/\/www.wired.com\/story\/apple-iphone-ios-16-ipados-16-new-features\/\">iOS 16<\/a> and <a href=\"https:\/\/www.wired.com\/story\/apple-ventura-macos-13-preview\/\">macOS Ventura<\/a>. It\u2019s the first major real-world shift to password elimination.<\/p>\n<p class=\"paywall\">So how does it work? Passkeys replace your tired old passwords by creating new digital keys using Touch ID or Face ID, Apple\u2019s vice president of internet technologies, Darin Adler, explained at WWDC. When you are creating an online account with a website, you can use a Passkey instead of a password. \u201cTo create a Passkey, just use Touch ID or Face ID to authenticate, and you\u2019re done,\u201d Adler said.<\/p>\n<p class=\"paywall\">When you go to log in to that website again, Passkeys allow you to prove who you are by using your biometrics rather than typing in a passphrase (or having your password manager enter it for you). When signing in to a website on a Mac, a prompt will appear on your iPhone or iPad to verify your identity. Apple says its Passkeys will sync across your devices using iCloud\u2019s Keychain, and the Passkeys are stored on your devices rather than on servers. (The use of iCloud Keychain should also solve the problem of losing or breaking your linked devices.) Under the hood, Apple\u2019s Passkeys are based on the Web Authentication API (WebAuthn) and are end-to-end encrypted so nobody can read them, including Apple. 
The system for creating Passkeys uses public-private key authentication to <a data-offer-url=\"https:\/\/developer.apple.com\/documentation\/authenticationservices\/public-private_key_authentication\" class=\"external-link\" data-event-click=\"{&quot;element&quot;:&quot;ExternalLink&quot;,&quot;outgoingURL&quot;:&quot;https:\/\/developer.apple.com\/documentation\/authenticationservices\/public-private_key_authentication&quot;}\" href=\"https:\/\/developer.apple.com\/documentation\/authenticationservices\/public-private_key_authentication\" rel=\"nofollow noopener\" target=\"_blank\">prove you are who you say you are<\/a>.<\/p>\n<p class=\"paywall\">A passwordless system would be a significant step forward for most people\u2019s online security. As well as eliminating guessable passwords, removing passwords reduces the likelihood of successful <a href=\"https:\/\/www.wired.com\/2015\/04\/hacker-lexicon-spear-phishing\/\">phishing attacks<\/a>. And passwords can\u2019t be stolen in data breaches if they don\u2019t exist in the first place. (Some apps and websites already allow people to log in using their fingerprints or using face recognition, but these usually require you to first create an account with a password.)<\/p>\n<p class=\"paywall\">Apple\u2019s Passkeys aren\u2019t entirely new\u2014the company <a data-offer-url=\"https:\/\/developer.apple.com\/videos\/play\/wwdc2021\/10106\/\" class=\"external-link\" data-event-click=\"{&quot;element&quot;:&quot;ExternalLink&quot;,&quot;outgoingURL&quot;:&quot;https:\/\/developer.apple.com\/videos\/play\/wwdc2021\/10106\/&quot;}\" href=\"https:\/\/developer.apple.com\/videos\/play\/wwdc2021\/10106\/\" rel=\"nofollow noopener\" target=\"_blank\">first detailed them at 2021\u2019s WWDC<\/a> and started testing them shortly after\u2014and Apple isn\u2019t the only one that wants to eliminate passwords. 
The <a href=\"https:\/\/www.wired.com\/story\/fido-alliance-ios-android-password-replacement\/\">FIDO Alliance, a tech industry group, has been working on the underlying standards<\/a> needed to ditch passwords for almost a decade, and Apple\u2019s Passkeys are the company\u2019s implementation of these standards.<\/p>\n<p class=\"paywall\">In recent months, FIDO has taken a series of important steps to bring the password\u2019s demise closer to reality. In March, FIDO announced it has figured out a way to store the <a href=\"https:\/\/www.wired.com\/story\/fido-alliance-ios-android-password-replacement\/\">cryptographic keys<\/a> that sync between people\u2019s devices, calling them \u201cmulti-device FIDO credentials\u201d or \u201cpasskeys.\u201d<\/p>\n<p class=\"paywall\">This was followed in May by Apple, Microsoft, and Google <a data-offer-url=\"https:\/\/fidoalliance.org\/apple-google-and-microsoft-commit-to-expanded-support-for-fido-standard-to-accelerate-availability-of-passwordless-sign-ins\/\" class=\"external-link\" data-event-click=\"{&quot;element&quot;:&quot;ExternalLink&quot;,&quot;outgoingURL&quot;:&quot;https:\/\/fidoalliance.org\/apple-google-and-microsoft-commit-to-expanded-support-for-fido-standard-to-accelerate-availability-of-passwordless-sign-ins\/&quot;}\" href=\"https:\/\/fidoalliance.org\/apple-google-and-microsoft-commit-to-expanded-support-for-fido-standard-to-accelerate-availability-of-passwordless-sign-ins\/\" rel=\"nofollow noopener\" target=\"_blank\">declaring<\/a> their support for the FIDO standards. Jen Easterly, the director of the US Cybersecurity and Infrastructure Security Agency, said adoption of the standards would keep more people safe online. 
At the time, the three tech giants said they would start rolling out the technology \u201cover the course of the coming year.\u201d Microsoft account owners have been able to <a data-offer-url=\"https:\/\/techcommunity.microsoft.com\/t5\/azure-active-directory-identity\/introducing-password-removal-for-microsoft-accounts\/ba-p\/2747280\" class=\"external-link\" data-event-click=\"{&quot;element&quot;:&quot;ExternalLink&quot;,&quot;outgoingURL&quot;:&quot;https:\/\/techcommunity.microsoft.com\/t5\/azure-active-directory-identity\/introducing-password-removal-for-microsoft-accounts\/ba-p\/2747280&quot;}\" href=\"https:\/\/techcommunity.microsoft.com\/t5\/azure-active-directory-identity\/introducing-password-removal-for-microsoft-accounts\/ba-p\/2747280\" rel=\"nofollow noopener\" target=\"_blank\">ditch their passwords since September of last year<\/a>, and Google has been working on its <a data-offer-url=\"https:\/\/blog.google\/technology\/safety-security\/one-step-closer-to-a-passwordless-future\/\" class=\"external-link\" data-event-click=\"{&quot;element&quot;:&quot;ExternalLink&quot;,&quot;outgoingURL&quot;:&quot;https:\/\/blog.google\/technology\/safety-security\/one-step-closer-to-a-passwordless-future\/&quot;}\" href=\"https:\/\/blog.google\/technology\/safety-security\/one-step-closer-to-a-passwordless-future\/\" rel=\"nofollow noopener\" target=\"_blank\">passwordless technology since 2008<\/a>.<\/p>\n<p class=\"paywall\">When all the tech companies have rolled out their version of passkeys, it should be possible for the system to work across different devices\u2014in theory, you could use your iPhone to log in to a Windows laptop, or an Android tablet to log in to a website in Microsoft\u2019s Edge Browser. \u201cAll of FIDO\u2019s specs have been developed collaboratively, with inputs from hundreds of companies,\u201d says Andrew Shikiar, the executive director of the FIDO Alliance. 
Shikiar confirms that Apple is the first company to start rolling out passkey-style technology and says this shows \u201chow tangible this approach will soon be for consumers worldwide.\u201d<\/p>\n<p class=\"paywall\">Any success for a passwordless future depends on <a href=\"https:\/\/www.wired.com\/story\/fido-alliance-ios-android-password-replacement\/\">how it works in reality<\/a>. At the moment, there are <a data-offer-url=\"https:\/\/www.fastcompany.com\/90755838\/theres-a-big-problem-with-apple-and-googles-plans-to-nix-passwords\" class=\"external-link\" data-event-click=\"{&quot;element&quot;:&quot;ExternalLink&quot;,&quot;outgoingURL&quot;:&quot;https:\/\/www.fastcompany.com\/90755838\/theres-a-big-problem-with-apple-and-googles-plans-to-nix-passwords&quot;}\" href=\"https:\/\/www.fastcompany.com\/90755838\/theres-a-big-problem-with-apple-and-googles-plans-to-nix-passwords\" rel=\"nofollow noopener\" target=\"_blank\">unanswered questions<\/a> about what happens to your Passkeys if you want to ditch Apple\u2019s ecosystem for Android or another platform. (Apple hasn\u2019t yet responded to our request for comment.) And developers still need to implement changes to their apps and websites to work with Passkey. Plus, to gain trust in any system, people need to be educated about how it works. \u201cAny viable solution must be safer, easier, and faster than the passwords and legacy multi-factor authentication methods used today,\u201d Alex Simons, the head of Microsoft\u2019s identity management efforts, said in May. In short: If cross-device systems are clunky or a pain to use, people may shun them in favor of weak but convenient passwords.<\/p>\n<p class=\"paywall\">While Apple\u2019s Passkey and Google and Microsoft\u2019s equivalents are still some months away (at the very least), that doesn\u2019t mean you should idly keep using your weak or repeated passwords. 
Every password you use\u2014whether it\u2019s for a one-time account used to buy DIY supplies or your Facebook account\u2014should be strong and unique. Don\u2019t use common phrases, names of friends or pets, or personal information linked to you in your passwords.<\/p>\n<p class=\"paywall\">Instead, your passwords should be long and strong. The best way to achieve this is by using a password manager, which can help you create and store better passwords. You can find our pick of the <a href=\"https:\/\/www.wired.com\/story\/best-password-managers\/\">best password managers here<\/a>. And while you\u2019re thinking about your security, <a href=\"https:\/\/www.wired.com\/story\/protect-accounts-two-factor-authentication\/\">turn on multi-factor authentication for as many accounts as possible<\/a>.<\/p>\n<p><a href=\"https:\/\/www.wired.com\/story\/apple-passkeys-password-ios16-ventura\" target=\"bwo\" >https:\/\/www.wired.com\/category\/security\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/media.wired.com\/photos\/629f69b6e2f439bf18df71e2\/master\/pass\/Apple-Killed-the-Password-Security-GettyImages-1371479120.jpg\"\/><\/p>\n<p><strong>Credit to Author: Matt Burgess| Date: Tue, 07 Jun 2022 15:10:14 +0000<\/strong><\/p>\n<p>Apple\u2019s iOS 16 and macOS Ventura will introduce passwordless login for apps and websites. 
It\u2019s only the beginning.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10378,10607],"tags":[714,21357],"class_list":["post-19280","post","type-post","status-publish","format-standard","hentry","category-security","category-wired","tag-security","tag-security-security-news"],"_links":{"self":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/19280","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=19280"}],"version-history":[{"count":0,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/19280\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=19280"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=19280"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=19280"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}