- Tram Ho
With every Android or iOS update, we’re all waiting for upgrades and improvements to security and data protection. But are Google and Apple making their systems better protected?
This is a question we cannot answer at the moment. Especially when recently on hacker forums appeared people selling up to 100GB of data including 8.4 billion passwords collected from various attacks and data leaks.
And to solve this problem, Apple may have found a way, which is “death of passwords”.
Apple is working on more secure sign-in methods. Accordingly, Apple will try the new Passkey in iCloud Keychain on iOS 15 and macOS Monterey.
Apple doesn’t really “kill” passwords. In fact, when logging in to apps and platforms, the system will still require an authentication method using the username. In addition, the new system will use several methods to ensure that only legitimate owners can access it. So if you still use passwords for authentication, Apple will render them useless. Even if hackers steal your passwords, they won’t be able to use them.
Currently, Passkeys in iCloud Keychain are not available to users. This is why Apple didn’t detail the feature at WWDC 2021. But then Apple held a developer meeting and provided some details around the feature.
At the rollout, Apple said it wanted iPhone, iPad, and Mac users to be able to sign in through a username in combination with Face ID, Touch ID, or a physical security key. Theoretically, hackers can still access these authentication data. But in reality, it is very difficult.
In addition, all of these methods have the advantage that you don’t need to remember the password like before. Moreover, you can use these authentication data on many different applications and websites without worrying about it being stolen. Even if hackers take pictures of your face and fingers, hacking through Face ID and Touch ID is not easy.
Of course, Passkeys also have some downsides. If you lose access to your device using Face ID or Touch ID authentication, you will no longer be able to sign in to the app/service.
Besides, users will not be able to access the same online account from Android and Windows. There is currently no indication that Apple, Google, and Microsoft will create a common user authentication standard. However, the new feature works thanks to a common standard called WebAuthn. This is a standard that Apple, Google, and Microsoft all support.
The WebAuthn standard uses public-key cryptography to perform logins, which means that private credentials are stored on iPhones and Macs and are not easily stolen. The hardware only sends a signature that can verify the user’s identity.
The new Passkeys feature will be disabled by default in iOS 15 and macOS Monterey. Developers can enable this feature, and promises to have apps and services that support this handy sign-in feature in the near future.
Refer to Gizmochina
Source : Genk