There are some major, fancy features coming in this fall’s OS releases, but there is one unsung hero that could change it all…
Passwords – a thing of the past?
We are all guilty of it, admit it. You get to that part of the website that requires a password, and we all decide on the best, quickest, and most convenient route we should take.
We have choices to make…the easy, often used and repeated ‘whatever123’ or the good old kid’s first name/birthday combo. Snappy, sure, and we’ll never forget it, but equally, highly insecure! To this day, I still have a password keeper app on my phone. I can actually picture where I was when I first downloaded it (a music festival!). Back in those dark, distant days, that seemed to be the way forward. At least thinking up some random password and storing it in a password keeper was a step forward from repeatedly using the same two or three simple passwords.
That process served me well enough for a good while, actually. Then, it all started to change with Keychain, Apple’s password management system. As was frequently the case, it was Steve Jobs that pushed through the release of Keychain. Internal rifts had prevented it progressing, relegating it to PowerTalk, which was merely interested in your email protection. Using plug-ins, it allowed you to safely retrieve email from numerous servers.
What we now recognise as Keychain was first introduced to us in 1999 with Mac OS 8.6. I started to use it, in some form or another, pretty much immediately. For Mac and iOS users, it was a revelation – a real step forward in online security.
Keychain – I learned to love it!
The more I used it, the more I started to trust it. You have to remember this was at the infancy of cloud-based anything. The online boom was just starting and my generation had to learn we could trust all this gobbledygook.
Now, of course, I don’t give it a second thought. The moment it comes to generating a random, strong, secure password, I let Keychain do its thing.
At its core, Keychain is an encrypted container that securely stores your account names and passwords for your Mac, apps, servers and websites, and confidential information, such as credit card numbers or bank account PIN numbers.
Whilst I know others have switched to 1Password and other such services, I have remained loyal to Keychain. Why? Well, it’s free, which is a lovely sounding word to me! It works across all my devices, and has never let me down. Given all that, why would I change? A password keeper/generator should not be something you give a second thought to. Once you’ve made your choice, it should be a case of forgetting about it. Over recent months, I have actually been importing the remaining passwords from that original app over to Keychain.
And, of course, with fine timing, just as I wholeheartedly embrace Keychain, it’s about to become a part of history too.
Hello to the passkeys
No matter how secure your passwords or password app are, there will always be some vulnerability attached to them. Apple, and other tech behemoths, are keen to move on from passwords, and passkeys seem to be the elected way forward.
At WWDC in June, Apple announced passkeys for the first time. It’s essentially a new type of security that seeks to replace passwords for account login purposes.
Passkeys are a biometric sign-in standard. Whereas passwords were stored on servers, and thus open to attack, passkeys will be stored locally, on device. Passkeys are based on the WebAuthn application programming interface (API). The beauty is that, once set up, you’ll be able to sign in to the service with either Face ID or Touch ID.
When you ask to sign in to a website, it will simply send a request to your device to authenticate you. It combines both stronger security and increased convenience.
Further convenience comes to Apple users with passkeys, as they can be backed up to iCloud and synced, with end-to-end encryption, across all devices. And, if you happen to want to access websites and services whilst on Windows or Android devices, that too is covered. The website will send a QR code to scan and, again, you authenticate using biometrics.
Do we need to change?
In a word – yes! Passwords have been the online standard-bearer for years now, but actually, they are not very good!
It starts with the obvious weakness, that you have to find a way to remember them. Passwords are also vulnerable to cyber-attacks and data breaches.
Passkeys, however, cannot be re-used across services and, as they are stored on your device, you’ll have no need to remember them either. And, as they are stored on your device, they cannot be phished or leaked in data breaches. The fact that passkeys are not stored on some ubiquitous server is a massive step forward.
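To make the claims above concrete, here is an added example (not from Apple, FIDO or the original article) that models a passkey sign-in with Node's built-in crypto: the site keeps only a public key, the device signs a fresh challenge together with the origin it is actually talking to, and a replayed or lookalike-domain response fails. The class names and hostnames are constructed, and the model skips real WebAuthn details such as CBOR encoding and attestation and treats the site's identifier as its exact hostname.

```javascript
const nodeCrypto = require('node:crypto');
const sha256 = (d) => nodeCrypto.createHash('sha256').update(d).digest();
// Added illustration, simplified WebAuthn model. Device side: one key pair per site.
class Authenticator {
  constructor() { this.keys = new Map(); } // private keys never leave this object
  register(rpId) {
    const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
    this.keys.set(rpId, privateKey);
    return publicKey; // the only thing the website receives
  }
  // `origin` is filled in by the browser from the address bar, not by the page.
  sign(origin, challenge) {
    const rpId = new URL(origin).hostname; // assumption: rpId is the exact hostname
    const key = this.keys.get(rpId);
    if (!key) return null; // no passkey exists for this domain
    const clientData = Buffer.from(JSON.stringify(
      { type: 'webauthn.get', challenge: challenge.toString('base64url'), origin }));
    const authData = Buffer.concat([sha256(rpId), Buffer.from([0x05, 0, 0, 0, 0])]); // flags + counter
    const signed = Buffer.concat([authData, sha256(clientData)]);
    return { clientData, authData, signature: nodeCrypto.sign('sha256', signed, key) };
  }
}
// Website side: stores one public key per user, nothing secret.
class RelyingParty {
  constructor(origin) { this.origin = origin; this.rpId = new URL(origin).hostname; this.users = new Map(); }
  newChallenge() { return nodeCrypto.randomBytes(32); }
  verify(user, challenge, a) {
    if (!a || !this.users.has(user)) return false;
    const cd = JSON.parse(a.clientData.toString());
    if (cd.type !== 'webauthn.get' || cd.origin !== this.origin) return false;
    if (cd.challenge !== challenge.toString('base64url')) return false; // stale or replayed
    if (!a.authData.subarray(0, 32).equals(sha256(this.rpId))) return false;
    const signed = Buffer.concat([a.authData, sha256(a.clientData)]);
    return nodeCrypto.verify('sha256', signed, this.users.get(user), a.signature);
  }
}
function demo() { // constructed hostnames
  const device = new Authenticator();
  const site = new RelyingParty('https://shop.example');
  site.users.set('alice', device.register(site.rpId));
  const [c1, c2] = [site.newChallenge(), site.newChallenge()];
  const assertion = device.sign(site.origin, c1);
  return {
    genuine: site.verify('alice', c1, assertion),
    replayed: site.verify('alice', c2, assertion),
    lookalike: site.verify('alice', c2, device.sign('https://shop-example.test', c2)),
    serverHolds: site.users.get('alice').type,
  };
}
```

Calling `demo()` shows the genuine sign-in succeeding while the replayed response and the lookalike-domain attempt are both rejected, and the only key material the site holds is of type `public`.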
A password-less future?
Although announced at this year’s WWDC, Apple actually previewed the passkey feature at the developer conference one year earlier. Apple said, at the time, it would be part of a multiyear effort to replace passwords with something more secure, and passkeys were their answer.
Make no mistake, though, this is not just a new development purely for Apple but, rather, is set to become the industry standard.
Just before WWDC, Apple partnered with Google and Microsoft in a concerted effort to expand and speed up the support for a password-less future.
These three tech giants, often seen as rivals, have come together as one over this, though, backing FIDO (Fast Identity Online) unanimously. They are keen to implement the new standards for desktop and mobile users alike within the next twelve months.
These efforts have not gone unnoticed by the US government, either. Jen Easterly, the director of the U.S. Cybersecurity and Infrastructure Security Agency, said:
“this type of forward-leaning thinking that will ultimately keep the consumer safer online.”
The fact there is unanimity across the big players can only mean one thing – more people staying safer online, and that has to be a good thing, right?
It seems certain that both Apple & Google are likely to start rolling out devices enabled with the FIDO-backed WebAuthn standards soon. That’ll mean that the vast majority of smartphone users will be getting used to the password-less future imminently.
And if more proof were needed
Apple’s senior director of platform product marketing, Kurt Knight, and VP of internet technologies, Darin Adler, were recently interviewed by Tom’s Guide. Adler, in particular, was excited by the future, commenting:
“passwords can be like a mixed bag – they are the key to protecting everything we do online, but they’re also one of the biggest attack vectors and security vulnerabilities users face today. Face ID and Touch ID verification will give you the convenience that biometrics can achieve with an iPhone. You don’t have to buy another device, but also you don’t even have to learn a new habit.”
Seeing the future that lies ahead, some of the biggest sites are already making sure they are FIDO-friendly. Websites such as eBay, Best Buy, PayPal & Nvidia are already compliant.
Whilst we are not yet ready for a password-less online society, we are not far away. The future very much starts now. This is one to embrace, applaud and run with.
Online security can only be good for us all.