Apple’s announcement may spell the end for passwords – and the beginning for biometrics

Passwords? Who needs passwords?

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Appleis no stranger to making headlines around its annualWWDC Conferenceback in June 2022. While its products reach consumers and businesses all over the world, one of the biggest headlines from the 2022 conference were not about a slimmer, faster new iPhone, but the company’s planned replacement for passwords that will be coming soon to Safari and iOS; a plan to make even thebest password managersall but obsolete.

The password problem is well documented these days. With 39% of UK businesses being hit by cyber attacks last year, with phishing attacks accounting for nearly 90% of these, the security limitations of passwords are clearer than ever. And we all know what a poor experience passwords offer. The growing number to remember, plus the required complexity of these means the re-use and sharing of passwords is rampant. 72% of enterprise workers admit to reusing passwords, increasing vulnerability to costly account takeovers, data breaches and even stolen identities.

Alternatives to passwords have been introduced in various forms over the last few years to counteract the glaring faults passwords present.Multi-factor Authentication(MFA) has helped some businesses improve security; however, the significance of Apple’s latest announcement and what it means in the move away from passwords is nothing short of mighty.

What are passkeys?

Apple’s passkey technology utilizes well-established industry standards from FIDO Alliance that Apple has been a part of during their development, working with other tech companies and service providers from across the globe to reduce the collective reliance on passwords.

FIDO Alliance passwordless sign-in standards are already supported in billions of devices and all modern web browsers. Thelatest development and expansionin capabilities has been led by Apple,GoogleandMicrosoft, who are now building support for these into their platforms – and, in turn, making these available across the world’s most popularbrowsersand operating systems.

This new passwordless standard presents a huge variety of benefits that passwords simply cannot provide. It enables a more seamless sign in by allowing users to automatically access their credentials across multiple devices, eliminating the need to re-enroll every account. This ensures that users will have a consistent experience regardless of what browser oroperating systemthey are using to log in. The user experience couldn’t be simpler either, enabling log in viabiometricsor PIN on device just as users are currently accessing their devices.

You can forget passwords but you can’t forget your face

Security and convenience are two of the most important features needed to truly enable the full eradication of passwords – biometric verification provides both to a high standard.

Unlike passwords, biometrics are tied to an individual person and unique to them. This means they do not suffer from the limitations passwords present when it comes to shareability and theft. While it is true that nothing is unhackable, modern biometric technology is highly robust and requires significant time, effort, money and expertise to compromise.

It is almost impossible for biometric verification to be used at any scale, as even successful spoofs are based upon one person and one device or app, limiting the number of attempts that can be made. With passwords, only one needs to be compromised for it to then be easily shared or uploaded to the dark web. And because the password was most likely used for multiple accounts, one compromised credential can quickly offer access to multiple accounts. Ultimately, biometric verification takes the responsibility away from the user as you can’t forget your face or give it away as we do with passwords in phishing attacks.

Why face verification?

Any truly effective password replacement must be agnostic of device, scenario or user. Facial verification is the strongest candidate among the biometric identifiers to deliver this for several key reasons:

The future is passwordless

Apple’sWWDCannouncement on passkeys is just one of many nails in the coffin for passwords, and it’s clear biometrics will be another when it comes toidentity management. While passwords won’t be totally eradicated in the very short term, organizations, service providers and device manufacturers should now start to consider the future of this biometrics-led and passwordless world, with face verification on top of RFPs.

We’ve featured the best business password managers.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Joe Palmer, Chief Product & Innovation Officer, iProov.

A new form of macOS malware is being used by devious North Korean hackers

Scammers are using fake copyright infringement claims to hack businesses

Quordle today – hints and answers for Saturday, November 9 (game #1020)