Phasing Out Passwords: Apple To Automatically Assign Each User a Passkey

pcmag.com:

Apple is taking a big step to end traditional passwords by automatically enrolling users into the industry alternative known as passkeys. 

The company plans to do so when it launches iOS 17, iPadOS 17 and macOS Sonoma later this year, likely around September. Once they roll out, the operating systems will automatically assign a passkey to the user’s Apple ID, the company says. 

This means users won’t have to type in their Apple ID and password when signing into an Apple website. Instead, they can simply scan their fingerprint, face or type in a PIN code to unlock access, much like how existing smartphones can work.  

The change is already rolling out in the public betas for iOS 17, iPadOS 17 and macOS Sonoma, allowing test users to sign into iCloud and Apple.com with a passkey.  

Expanding the passkey use could help take the security technology mainstream. Currently, Apple already offers passkey support for third-party websites, but it’s up to customers to use it when many may have no idea the option even exists. The other problem is that not many third-party websites accept passkeys. But it now looks like Apple’s own websites are starting to support the security technology, joining the likes of Google. 

Passkeys work by creating a unique, private key that’s bound to your devices, whether it be a laptop or iPhone. The private key also never leaves the hardware. Instead, the website you’re signing into can issue a digital challenge, which the private key onboard your device can authenticate. To prove you’re you, and not a stranger, a passkey sign-in will simply ask you to submit a PIN code, or go through a fingerprint or facial scan. 

The resulting system promises to eliminate many of the security weaknesses to passwords,