Q&A with the passkeys team

1 year ago 6

Get acceptable for a satellite without passwords.

Passkeys are a replacement for passwords, offering a faster, easier, and much unafraid sign-in acquisition for your apps and websites. They’re strong, resistant to phishing, and designed to enactment crossed Apple devices and adjacent non-Apple devices. Best of all, there’s thing for radical to create, guard, oregon remember.

To assistance explicate however to instrumentality passkeys, the Apple privateness and information squad hosted a Q&A to reply communal questions astir instrumentality support, usage cases, relationship recovery, and more. Here are immoderate highlights from that conversation.

How bash passkeys work?

Passkeys are based connected nationalist cardinal cryptography, which matches a backstage cardinal saved connected a instrumentality with a nationalist cardinal sent to a web server. When idiosyncratic signs successful to an account, their backstage cardinal is verified by your app oregon website’s nationalist key. That backstage cardinal ne'er leaves their device, truthful apps and websites ne'er person entree to it — and can’t suffer it oregon uncover it successful a hacking oregon phishing attempt. There’s thing concealed astir the nationalist key; it offers nary entree to thing until paired with the backstage key.

Which devices enactment passkeys?

Passkeys enactment connected devices moving a minimum of iOS 16 connected iPhone 8; iPadOS 16 connected iPad 5th generation, iPad mini 5th generation, iPad Air 3rd generation, each iPad Pro models that connection Touch ID oregon Face ID; macOS Ventura; and tvOS 16. Passkeys are besides supported successful Safari 16 connected macOS Monterey and Big Sur.

When Touch ID oregon Face ID can’t beryllium used, radical tin participate their instrumentality passcode oregon strategy password to authenticate passkey credentials.

How bash I follow passkeys?

The archetypal measurement is to follow WebAuthn connected your back-end server and adhd our platform-specific API to your app. Take a deeper dive into adjacent steps by watching the video below:

Meet passkeys

Watch now

What happens if a instrumentality is mislaid oregon stolen?

Data remains safe. Passkeys are end-to-end encrypted done iCloud Keychain and necessitate biometrics, specified arsenic Face ID oregon Touch ID, oregon the instrumentality passcode to decrypt them. Without these, passkeys stay securely stored connected the mislaid device. For other bid of mind, you tin ever remotely hitch your instrumentality with Find My.

What does relationship betterment look similar for idiosyncratic who’s lone ever signed successful with a passkey?

The betterment method is autarkic of the authentication mechanism. Apps and websites are invited to support the aforesaid betterment methods they usage contiguous (such arsenic sending a nexus successful an email to make a caller passkey). Recovery volition apt beryllium a overmuch little communal script with passkeys, which are saved by the device. There’s thing for a quality to forget.

Can idiosyncratic person aggregate passkeys for my app; for instance, passkeys generated from aggregate devices?

Yes, idiosyncratic tin person 1 passkey per relationship per platform. In the peculiar lawsuit that idiosyncratic has much than 1 relationship for an app, they’ll person discrete passkeys for each relationship too.

What’s the quality betwixt passkeys and multifactor authentication?

Multifactor authentication adds further layers of information connected apical of an existing password, but mostly inactive leaves the anticipation of phishing. Since passkeys destruct the astir pressing problems with passwords and are resistant to phishing, further user-visible steps aren’t needed.

Is it imaginable to usage an email code arsenic the disposable relationship identifier alternatively of a username?

Yes, it’s decidedly possible. Our videos and documentation usage usernames and email addresses arsenic examples. Nothing astir relationship identifiers has to change.