When Apple introduced passkeys, implementing the FIDO Alliance’s passwordless, secure authentication technology, the company did it in the most Apple way. It made an icon and printed a very Apple branded “Passkeys” next to it, complete in San Francisco font. And if you’ve only seen part of the WWDC presentation on Apple’s passkeys, it’s possible to assume that passkeys are an exclusive feature of Apple’s iCloud Keychain. Just a reminder: it isn’t.
The term “passkey” will also be used by major players Microsoft and Google. It is used as a noun and can be in the plural or singular, for example, “you need to set a password for your banking app.” In other words, treat the word “password” as you would treat the word “password”. Passkeys work by allowing you to log into an app or website using only your username and your pre-authenticated device – which uses a cryptographic token instead of a password and SMS code that can be phishing or otherwise compromised.
Apple’s software engineering manager Ricky Mondello started a twitter thread yesterday to promote the new technology and clarify what it means. Microsoft’s vice president of identity Alex Simons chimed in on the discussion, confirming that Microsoft will also adopt the name. All parties involved seem to be committed to spreading awareness of passkeys, and so far no one is trying to claim it as their property.
We will certainly use the term “password” in our products and services. It will take some time to build awareness/understanding, but we are all determined to make the necessary investments.
— Alex Simons (@Alex_A_Simons) August 4, 2022
“Passkey” is definitely an easier name to digest compared to “FIDO Authentication”, which can be very confusing when used verbally – as this is where I want to go enter the name of my first pet? Seriously though, if you’ve ever had to explain to the common person what two-factor authentication was, and it took longer than five minutes, imagine teaching them what FIDO authentication is.
For the technology to succeed, it needs that marketing push, and what better way to get the word out than by letting Apple take over. If Apple was really trying to trick people into thinking that passkeys are an Apple-only technology, it probably would have been called Apple PassKeys.
If you’re using the developer betas for macOS or iOS, you can now start using passkeys where available. google plans to open the necessary developer tools to implement passkeys on Android “by the end of 2022”. And Microsoft currently supports passkeys on the web using Windows Hello, and will support it login to an MS account with passwords from an iOS or Android device “in the near future”.