Checklist 333: Passkeys and Security Updates
Saying goodbye to passwords
Last year, Apple announced passkeys: an easy, secure, multi-platform authentication method designed to replace passwords.
Passkeys are part of Apple’s collaboration with the FIDO Alliance—an organization dedicated to improving the way we sign in online. For more on their work, have a listen to Checklist 278: Getting to Know FIDO.
So what’s wrong with our trusty old passwords? Lots, according to FIDO and Apple.
To begin with, many people reuse passwords—or use very weak passwords. In addition, even a strong, unique password can be lost in a phishing or social engineering attack. And while 2FA mitigates some of the weaknesses of passwords, there are vulnerabilities there as well.
Passkeys attempt to solve these problems using public key cryptography, biometric login technology, and iCloud Keychain. (For a more complete explanation of passkeys, see: How do Apple’s passkeys work?)
As with any new tech, there has been a delay between the announcement and the implementation of passkeys. But for folks on Apple platforms, passkeys are coming soon.
Cult of Mac reports that Apple will enable passkeys for Apple users and developers in the very near future. The company is currently integrating passkeys into the betas of iOS 17, iPadOS 17, and macOS 14 Sonoma.
According to a report from TechCrunch, this is a prelude to the full rollout of the new OSes—and thus of passkeys—this fall:
“Apple will automatically assign a passkey to each user so they can log into Apple accounts on the web without needing any password.”
But does that mean you can no longer use passwords to sign in to your Apple account? Not at all, say the folks at TechCrunch:
“Passkeys don’t necessarily replace passwords…they are just an alternative way to sign in.”
An urgent round of Apple updates
This week, Apple updated its major OSes to iOS 16.5.1, iPadOS 16.5.1, macOS 13.4.1, and watchOS 9.5.2.
The security content of the updates was significant. Apple says each update addressed one or two vulnerabilities that were reportedly under active exploitation.
As 9to5Mac explains:
“The first flaw patch is for a vulnerability that allows the execution of arbitrary code with kernel privileges. And the second is a WebKit flaw fix that stops maliciously crafted web content from being able to execute arbitrary code.”
In addition to updates to its newer OSes, Apple also released security patches for older OSes to address the kernel bug. These were released as:
- iOS 15.7.7
- iPadOS 15.7.7
- watchOS 8.8.1
- macOS Monterey 12.6.7
- macOS Big Sur 11.7.8
Apple also updated Safari to version 16.5.1 to patch the WebKit vulnerability.
If you haven’t updated your devices, please do so without delay!