© 2022 CyberNews - Latest tech news,
product reviews, and analyses.

If you purchase via links on our site, we may receive affiliate commissions.

Apple gets rid of passwords: what could go wrong?

iOS 16 allows users to swap passwords for passkeys, as will macOS Ventura. But why?

Passwords are the bane of existence for many of us. Whether it’s trying to remember the discrete combination of key presses that help unlock each of our private accounts or simply conjuring up a password that adheres to sites and platforms’ different rules, we’re expected to hold in our heads an endless number of combinations.

Little wonder, then, that most people take one of three options when it comes to passwords. They either pick simple to remember but easy to crack passwords for their accounts, often jotting them down on bits of paper; or they reuse the same passwords across multiple accounts – spelling doom for anyone who manages to unlock just one of them, giving them the ability to leapfrog through a person’s entire online life.

A clever few outsource the brainpower required to keep their passwords front of mind to password managers, though they have their own issues, particularly in light of recent breaches. A hacker recently spent four days with untrammeled access to LastPass’s development environment, a major concern.

Death of the password?

Passwords have blighted many an online life – which is why big tech companies are trying other alternatives that mean we can get rid of them. Apple has decided in iOS and MacOS 13 – also known as Ventura – that it will enable a passwordless sign-in using what’s called passkeys.

By encouraging the use of passkeys, Apple is ensuring users of its devices no longer have to enter a username and password to log on to apps and websites. The goal of this is to try and reduce the number of times you’re being asked to part with your most private information - which hopefully reduces the chances of being tricked into giving up private data through phishing attacks.

The system will work in a similar way to Face or Touch ID for Apple users. The system generates a unique key that can only be accessed with user authentication via Face ID or Touch ID and synchronizes across different devices.

It’s called FIDO

The passkeys principle is an Apple rebranding of a technology that has been proposed for some time. It’s the FIDO standard, developed by the FIDO Alliance, an association that is aiming to rethink how authorization and authentication work across the whole internet and tech space. The cryptographic key that’s produced has been in the making for nine years.

But there are issues with the concept of passkeys that could prove problematic. For one thing, the underlying technology behind passkeys – public-key cryptography – is predicted to be broken by quantum computers within a decade. It’s something that would then render the whole concept of them easily crackable – perhaps more than passwords, the thing they’re designed to replace.

Yet there’s a more fundamental risk, and it’s one that all tech users should be wary of, particularly given the last few years of big tech’s dominance. Entrusting a single company to hold your passkeys risks locking you into a connection with them forevermore.

FIDO’s current proposal, which is believed to be the one backed by Apple, has no mechanism for transferring passkeys easily between ecosystems – meaning that you’re likely locked into Apple for life. (You can transfer them over one by one, but that takes time and effort when multiplied across all your services and apps.) For some, that’s not a problem and in fact a benefit. But if you want to have the freedom of choice, it becomes problematic.

More from Cybernews:

Russian ‘conscription leak’ is likely a fake

21 hackers made over $1m on HackerOne

Can’t find these items? Scalper bots are to blame

Oracle cloud bug allowed accessing other users’ virtual disks

Hackers exploit Capital One to steal identities

Subscribe to our newsletter

Leave a Reply

Your email address will not be published. Required fields are marked