How to Replace Your Passwords with Passkeys on an iPhone
The latest iPhone update includes a hidden feature that lets you log in to websites and apps without using any passwords. Apple calls passkeys the “next-generation credential,” boasting that they are easier to use and totally safe from phishing, password leaks, and other common security issues. Here’s everything you need to know about Apple passkeys, why they are more secure than passwords, and how to start using them on your iPhone.
What Are Apple Passkeys?
Passkeys were designed to replace traditional passwords with a faster, easier, and more secure login method. For example, you can use Face ID or Touch ID on your iPhone to instantly log in to a website or app. If you sync your passkeys on iCloud, you can also use your iPhone to log in to websites on your Mac computer.
Apple first announced it was working on passkeys in a joint effort with Google and Microsoft back in May. Together, the tech giants are supporting a common passwordless standard created by the FIDO Alliance and the World Wide Web Consortium in an effort to “help reduce the world’s over-reliance on passwords.”
Since all three tech giants agreed to support the same passwordless standard, it was designed to work across all platforms and devices. That means you will even be able to use Face ID on your iPhone to sign in to websites and apps on non-Apple devices, like a Windows PC or an Android smartphone.
While passkeys are meant to be easier than passwords, they are also designed to be more secure.
If you want to improve your security at home, HelloTech can help set up a smart home security system with you. We have thousands of technicians across the country who can come to your home as soon as today to install your smart home security devices for you and answer any questions you have.
How Do Passkeys Work?
Passkeys work very differently from passwords. When you create a password, it is stored on the server of the website or app you are signing in to. On the other hand, passkeys are generated by your device with two keys, a “public key” that is stored on the server and a “private key” that is stored on your device.
Since the private key is created and stored on your device, it can be kept totally secret from the server. So, even if a cybercriminal is able to breach the server of a website or app, they won’t be able to get their hands on both keys needed to access your account.
Unlike traditional passwords, passkeys are “never guessable, reused, or weak,” according to Apple. Passkeys are stored on your device and not a web server, so they are protected against leaks and phishing. Plus, passkeys are also end-to-end encrypted, so not even Apple can read them.
“With passkeys, not only is the user experience better than with a password, but entire categories of security problems, like weak and reused credentials, credential leaks, and phishing, are just not possible anymore.” Garrett Davidson of Apple’s authentication experience team said at the 2022 Worldwide Developers Conference event.
Can’t be guessed, stolen, or cracked: Unlike text-based passwords, which are hard to remember and easy to steal, passkeys use Face ID and Touch ID. These biometric checks are easy for you to use, but they are also very strong and hard for hackers to bypass.
Protected from Phishing – Since all passkeys are unique for every website and app, they “completely eliminate the human factor from phishing,” according to Apple. That means cybercriminals won’t be able to trick you into signing in to fake websites or apps, no matter how convincing they appear.
Safe from leaks – Passkeys can’t be compromised in server leaks because the private keys are never stored on servers. Also, since all passkeys are unique, hackers can’t use your login credentials from one site to access your accounts on other sites (where you might otherwise reuse the same password).
End-to-end encryption: While iCloud Keychain makes it easy to share passkeys across your devices, the communication is totally encrypted from end to end. In fact, Apple claims they can’t even read your passkeys.
Credential recovery: Since passkeys are connected to a specific device, you might not be able to sign in to a website or app without it. However, you can always create multiple passkeys and sync them across your devices with iCloud Keychain. If your devices are all lost or stolen, you can recover them with iCloud keychain escrow.
While you can use passkeys to replace your passwords, you can also use them alongside traditional passwords to provide an extra layer of security. However, it is important to note that when you set up a passkey on a website, you will not be able to log in without that device or another device that has your passkeys synced.
If you are looking to improve your security online, HelloTech offers a Home Technology Checkup service that will determine if your WiFi network is up to date. We have thousands of technicians across the country who can come to your home and test your WiFi security and speed in every room of your home.
How to Use a Passkey on Your iPhone
To use passkeys on an iPhone, open a website or app and go to the login page. Then you might see the option to create a passkey when you sign in, or you might have to find an option to “Log in with a security device” or something similar. Finally, tap Continue when you see the pop-up appear and log in with Touch ID or Face ID.
Once you add a new passkey, you might have to verify it by text message or email the first time. But then you won’t have to type in your username or password or use two-factor authentication to log in ever again. Most sites will even allow you to autofill passkeys, which means it should only take one tap to log in to your sites or apps.
If you are having problems using passkeys on your iPhone, make sure that iCloud Keychain is enabled. To do this, open the Settings app and tap your name at the top of the screen. Then go to iCloud > Passwords and Keychain and turn on iCloud Keychain.
You also need to enable two-factor authentication for your Apple ID, which you can do by going to Settings > [your name] > Password & Security and turn on Two-Factor Authentication. Finally, follow the on-screen instructions.
If you are having problems setting up passkeys on your iPhone, you can always call HelloTech. We can help you troubleshoot problems with your iPhone and answer any other tech questions you may have. We are available by phone at 1-833-599-5711, or you can use the link above to book a service with one of our professional technicians as soon as today.
How to Add a Passkey to Existing Accounts on an iPhone
If you are already logged in to a website or app, you can add a new passkey from your iPhone by going to the settings of the website or app itself. Then look for Account Settings or Security Settings and see if there is an option to add a security device or a passkey to your account.
However, since passkeys are still so new, you might not find this option available on many websites and apps yet. Currently, there are a few major websites that support passkeys, including Facebook, eBay, Microsoft, PayPal, and more. There are even some password managers that are starting to use passkeys, including Dashlane.
If you are interested in a password manager, you can Dashlane for free with a HelloTech Home membership. As a HelloTech Home member, you also get unlimited, instant help with all of your connected devices, 24/7 unlimited tech support, as well as in-home services from one of our professional technicians.
How to Use Passkeys on a Windows PC
If you are using a computer that is not synced with your iCloud account, a Windows PC, or an Android device, you can create a QR code from a non-Apple device. When you scan this QR code from your iPhone, then you can use Face ID or Touch ID to authenticate.
Which Apple Devices Use Passkeys?
Passkeys are now available on iPhones running iOS 16, which can only be installed on the 2nd-generation iPhone SE, the iPhone 8, and all newer models. You can also use passkeys on an iPad running iPadOS 16 or a Mac running macOS Ventura. However, the macOS update won’t be available until October.