iOS 17 and macOS Sonoma Add Passkey Support to Your Apple ID

[MacRumors]

Starting with iOS 17, iPadOS 17, and macOS Sonoma, users with an Apple ID will automatically be assigned a passkey, allowing them to sign into their Apple ID with Face ID or Touch ID instead of their password on various Apple sign-in pages, including icloud.com, appleid.apple.com, appstoreconnect.apple.com, and more.

Passkeys are a more secure alternative to passwords. Apple explains:

A passkey is a cryptographic entity that's not visible to you, and it's used in place of a password. A passkey consists of a key pair, which—compared to a password—profoundly improves security. One key is public, registered with the website or app you're using. The other key is private, held only by your devices.

Passkey support for Apple IDs will also be available for third-party apps and websites that support the "Sign in with Apple" feature.

Users running beta versions of iOS 17, iPadOS 17, and macOS Sonoma can test this functionality on supported Apple sign-in pages starting today, but it does not yet appear to be available for everyone. All users with an Apple ID will be able to sign in with a passkey once the software updates are released to the public later this year.

Passkey support on the Apple ID page was spotted earlier by Twitter user @aaronp613.

https://twitter.com/i/web/status/1671154639994011648

Article Link: iOS 17 and macOS Sonoma Add Passkey Support to Your Apple ID

 

[Bentham]

Eagerly awaiting Beta 2 this week.

 

[Apple Fan 2008]

This is great for people who need high security.

 

[Windoes]

This is great for all people

Corrected

 

[mystery hill]

One step closer to eliminating Apple ID passwords.

 

[00sjsl]

How does this work if you have more than one apple id?

 

[Bodhitree]

Sounds like a very good idea, but what do you do to get support on a Windows machine? We will have to see exactly how it works. I don’t fancy copying 2048 bit cryptographic keys by hand though.

 

[mystery hill]

Sounds like a very good idea, but what do you do to get support on a Windows machine?

You would scan the QR code displayed on the Windows device with your iPhone.

 

[ipedro]

How does this work if you have more than one apple id?

Your login name ie your Apple ID associated email can still be inputted manually.

 

[frqunzfltr]

I'm using Passkeys as much as I can. It's one so far... Google.

 

[sk1ski1]

Unfortunately on iOS, the backup to Face-ID for the iPhone's Keychain or PassKeys is the iPhone's passcode. So anyone that has access to your phone and knows the passcode, can use the phone's passcode to log-in to iCloud or Apple ID with this feature.

 

[MrRom92]

I don’t trust it, nothing apple ever does with passwords works as advertised. I have a lock with HomeKey, I tried to get into my house the other day. I have “express mode” turned on.
What is the “express mode” setting?
“Express Keys work automatically without requiring Face ID or your passcode and may be available when your iPhone needs to be charged.”

So I get to the door, wave my iPhone near the lock… what happens? Starts asking me for my full device password while I’m stuck standing there and holding everything unable to get into my house or even reasonably type on my phone.


Nice one Apple!

 

[Hank001]

Sounds like a very good idea, but what do you do to get support on a Windows machine? We will have to see exactly how it works. I don’t fancy copying 2048 bit cryptographic keys by hand though.

It's platform independent:

In marketing material, the terms passkey or passkeys are preferred over related terms such as FIDO or WebAuthn, because they are less likely to cause confusion.[7] It is a common misconception that passkeys are specific to Apple devices.[7]

WebAuthn - Wikipedia

en.wikipedia.org

 

[mystery hill]

Unfortunately on iOS, the backup to Face-ID for the iPhone's Keychain or PassKeys is the iPhone's passcode. So anyone that has access to your phone and knows the passcode, can use the phone's passcode to log-in to iCloud or Apple ID with this feature.

Anyone who has access to your phone and knows your passcode, can already view all your data on your device. They wouldn’t even need to log in to iCloud.

 

[ipedro]

Unfortunately on iOS, the backup to Face-ID for the iPhone's Keychain or PassKeys is the iPhone's passcode. So anyone that has access to your phone and knows the passcode, can use the phone's passcode to log-in to iCloud or Apple ID with this feature.

This is a problem, I agree, but one that’s more of a cultural problem than a tech issue and is fairly easy to avoid.

People are so used to typing in their PIN every time they unlock their phone if they’re not using biometric unlock.

People need to be taught to never use their PIN in public and if they absolutely must, then guard it like you do your bank card PIN.

There could be some technology enabled backup solutions like adding a hierarchy of devices with more power over the others, whereas my home Mac can override my iPhone’s lock and revert security changes recently made by the iPhone.

 

[ipedro]

One step closer to eliminating Apple ID passwords.

*passwords in general.

This is a big one. Between Google and Apple, that’s a lot of sign-ins covered.

Would be good if Meta got on board but fewer and fewer sites have sign in with Facebook.

The transition has been going a lot quicker than people expected. The more of these big players support Passkeys, the more the smaller sites and apps get in line.

 

[antiprotest]

I don’t trust it, nothing apple ever does with passwords works as advertised. I have a lock with HomeKey, I tried to get into my house the other day. I have “express mode” turned on.
What is the “express mode” setting?
“Express Keys work automatically without requiring Face ID or your passcode and may be available when your iPhone needs to be charged.”

So I get to the door, wave my iPhone near the lock… what happens? Starts asking me for my full device password while I’m stuck standing there and holding everything unable to get into my house or even reasonably type on my phone.


Nice one Apple!

With anything like this coming from Apple, especially security and cloud features, I always wait a long while before using it. Apple tends to mess things up a lot, and the users pay dearly for their mistakes. So things like iCloud Drive, iCloud Photos, 2FA, I had always waited a long time before activating. I haven't turned on e2e yet for the same reason. It will be at least a year or two before I consider using passkeys with Apple.

 

[frqunzfltr]

Unfortunately on iOS, the backup to Face-ID for the iPhone's Keychain or PassKeys is the iPhone's passcode. So anyone that has access to your phone and knows the passcode, can use the phone's passcode to log-in to iCloud or Apple ID with this feature.

They don't need this feature. They can simply change your Apple IDs password.

 

[macintologist]

I still don’t understand how this should work if you are a guest user on a PC or some other scenario where you need a password.

 

[jaytv111]

I still don’t understand how this should work if you are a guest user on a PC or some other scenario where you need a password.

It shows a QR code, you scan the QR code on your phone, you get signed in.

 

[DotCom2]

I don’t trust it, nothing apple ever does with passwords works as advertised. I have a lock with HomeKey, I tried to get into my house the other day. I have “express mode” turned on.
What is the “express mode” setting?
“Express Keys work automatically without requiring Face ID or your passcode and may be available when your iPhone needs to be charged.”

So I get to the door, wave my iPhone near the lock… what happens? Starts asking me for my full device password while I’m stuck standing there and holding everything unable to get into my house or even reasonably type on my phone.


Nice one Apple!

Oh no, I just purchased a door lock that has an "Express Mode" but haven't installed it yet. What brand is yours. I got a Schlage Encore Plus. Now I am worried.

 

[jaytv111]

How does this work if you have more than one apple id?

Send it over Airdrop, it should store more than one Apple account Passkey, it does that for other websites.

 

[MrRom92]

Oh no, I just purchased a door lock that has an "Express Mode" but haven't installed it yet. What brand is yours. I got a Schlage Encore Plus. Now I am worried.

Mine’s the Schlage Encode Plus as well. Don’t get me wrong, I LOVE it - one of the rare smarthome purchases that really improved everyday life. But Apple’s HomeKey implementation is inconsistent and has room for improvement.
As it turns out, we’re usually using HomeKit integration more than the HomeKey itself. Just faster; and it doesn’t randomly ask me for a password even when it claims it won’t.

 

[Jamie0003]

This is awesome, but is there a way to not have to use a passcode on iOS anymore to unlock your device?

 

[TechRemarker]

Is it more secure though? Since if one has a simple passcode like most do since you have to enter much more frequently, then if someone sees you entering it over your shoulder, and is table to take or borrow your phone they can now get into much more, since before at least your passwords would be different for different services any more complex for ones you don't have to login to frequently, but with this, rather if someone gets your device, they essentially just need to know one password to access everything and for many that may even be as simply as 4 digits, no? Like how Password Managers like 1P are amazing and each password in it might be 50 random unique characters, but the single password to get into it, is most often short and memorable since something the user has to enter much more frequently. So if someone again gets the device, and saw you entering your 1P login (easier if they record you doing it and zoom in before), then they have access to every single account. So as technology gets more secure I always still look at the weakness link in the chain.