
iOS 17 and macOS Sonoma Automatically Generates Apple ID Passkeys - Slashdot

 1 year ago
source link: https://apple.slashdot.org/story/23/06/20/1559245/ios-17-and-macos-sonoma-automatically-generates-apple-id-passkeys

You can now forgo entering your password on icloud.com and apple.com domains thanks to newly added passkey support. From a report: When running iOS 17 on an iPhone, any Apple site on the web can rely instead on Face ID or Touch ID to authenticate your login. As part of iOS 17, iPadOS 17, and macOS Sonoma, your Apple ID is automatically assigned a passkey that can be used for iCloud and Apple sites. If you're running iOS 17 on your iPhone, you can try it out now. Just go to any sign-in page with an apple.com or icloud.com domain, like appleid.apple.com or www.apple.com/shop/bag, and look for the Sign in with iPhone button after you enter your Apple ID email address. We've tried this from Safari on the Mac, although you can use passkeys on non-Apple devices as well. Once you select Sign in with iPhone, a QR code is presented that you scan with your iPhone. If you scan the QR code from the Camera app, you can tap the yellow link box to invoke Face ID or Touch ID to authenticate your identity on the web without ever entering your password.
  • Passwords can't die soon enough.

    Once folks start getting used to passkey authentication, it'll get the rest of the industry moving.

    This is one of those "we need big movers to move first instead of being fast followers" kind of things.

    Let's do this.

    • Re:

      No thanks. Still too many issues.
      My work PC has the option disabled by the admins higher up than me, my home desktop doesn't even have the option for passkeys IIRC, and turning it on tanks the usability of the phone to unacceptable levels.
    • Re:

      I'm somewhat concerned about the SPoF this has potential to introduce: instead of a million different ways to store passwords, you're using a single repository backed/accessed via API. That will be a prominent target which will be difficult for hackers to ignore.

      That said, it'll be a huge benefit to account security in general.

      The ability to revoke keys would be crucial, as well. Hopefully that infrastructure becomes available soon.

    • Re:

      The problem with passkeys is that only Apple has a complete ecosystem.

      Biometrics on all their devices, check. Flexible secure processors on all their devices, check. Dedicated department for investigating requests for account recovery when all other options fall through, check. Rank amateurs as competition, check.

      • Re:

        Agreed, but you have to start somewhere. It's a chicken/egg problem. May as well let the first mover get it right and set a good model to follow.

        If we let the rank amateurs set the pace, we'll be stuck with this completely stupid "Remember a 36-character password with 4 symbols, 3 digits, at least two uppercase letters and two emojis" nonsense forever.

        I'm over it.
        I'm over passwords.
        I'm over password keepers.
        I'm over managing authorized_keys files.
        I'm over all of it.

        • Re:

          AFAIK, you are just trading one random set of gibberish (password) for another (private key). The nice thing with passkeys is that you aren't giving the super secret to the web site to store; rather, you are keeping the secrets close to the vest. But you still need to manage and store the secrets. Which, I think, means that a manager is still required.

  • Intel and AMD are the only ones who can implement passkeys securely on PCs due to lack of foresight of PC operating system developers. TPM is not enough, ME/PSP are needed too. Being forced to use your phone while Apple users can just use the single device they are working on would accelerate the death march of everything non-Apple in consumer electronics (and financial services and cars).

    With Intel involved it might even be an open standard which allows passkey syncing between Microsoft and Google, instead o

  • 1) Bad guy or collection of them who get your credit card info can buy an iPhone, iPad, or Mac, set it up (with reproducible facial disguise or fake fingerprint glove), and gain access to your accounts on all apple servers.

    2) Cop or secret police of some tyrannical country arrests you with an iProduct on you, fingerprints you, 3-d prints or photo-etches and molds a fingertip glove or your print, and logs in with that, or with your picture, or by holding the iGadget up in front of you or running your finger

    • Re:

      1. FaceID is not enough to get an Apple device associated with your Apple ID.
      2. The only advantage for the current situation is that they need you temporarily alive to get the password.
      3. They can do all that with your password too. The password has to go through an input device though, with passkey, only user verification goes through an input device.

