Passwords are a big problem. More than 80 percent of hacks are caused by weak or stolen passwords, and people are terrible at managing them.
Forgetting often. Or we use our birthday or our name, and we mix capitalization and lowercase, and we end up with something that I know is a combination of the name and the birthday, but I can’t remember what the combination is.
Or use the same password for everything. Password managers like NordPass or iCloud keychains can help, but passwords are still fundamentally insecure. Keys in iCloud Keychain and the new standard WebAuthn would like to solve this problem, but can they really replace passwords?
Kristen Costa, CEO of Gadget Review, tells LifeWire in an email. “If Apple introduces it as the standard for its devices, millions of people will get used to it and other tech giants like Google will follow suit.”
The public key
The problem with passwords is that they need to be kept secret, but they also need to be shared. ICloud keys use something called Public Key Cryptography. This involves two bonds. Public keys can only lock things, so sharing is safe; A private key locks and unlocks data and never leaves your device.
When you register a website or service using iCloud Passkeys or WebAuthn, a new key pair is generated and the public key is shared with the service in place of the password. The problem is that you need to log in from your own device, and the security benefits are huge. If you already use password manager and two-factor authentication, you are already on the device on which the password manager application is running.
Another problem, however, is that if an attacker takes control of your device and can manage to access it, then this capability is broken. Fortunately, iOS and modern Macs are hard to crack, and stealing a phone is a lot harder than sending a phishing email.
The iCloud PassKey requires no password, making it more secure to log in.
WebAuthn works with the browser standard for password-less authentication.
Both WebAuthn and iCloud PassKey use public key encryption to perform this operation.
With iCloud PassKey, Apple is about to make passwords obsolete. Maybe it will.