Can Apple Passkeys Prevent Phishing Attacks?

Apple Passkeys

Apple’s WWDC 2022 was held earlier this week, and it brought us some interesting news about the company’s products and services. One of the most exciting announcements was about their new ‘Apple Passkeys’ app. This app allows you to access websites and services without the use of a password, and without sending a password over the internet. This could potentially eliminate the need for passwords altogether, and prevent phishing attacks.

Phishing attacks are a serious problem that affects millions of people every year. These attacks usually involve someone spoofing a website or email in order to steal your login credentials. There are a few effective ways to prevent phishing attacks. One of them is email filtering, a software solution aimed at preventing and disrupting unauthorised or suspicious emails before they reach your inbox. The success rate of email filtering is good, but it typically doesn’t catch everything.

The emails that do manage to pass through email filtering can often be extremely convincing. It takes well-informed users to spot the key giveaways that mark the mail or spoofed web pages as suspicious. Phishing attacks typically arrive in the form of a very convincing email appearing to come from a company you trust, for example Royal Mail, Amazon, Google or PayPal. If you’d like to know more about phishing attacks, here are Phishing Attack trends to look out for in 2022.

What is Apple Passkey?

With Apple’s new passkeys app, there will be no need for passwords when using an iOS/macOS device. It’s impossible for someone to steal something that doesn’t exist! Apple’s Passkey is built on the Web Authentication API (WebAuthn). It’s an application/API that would use Apple’s biometric technology (Touch ID and Face ID) to pass secure authentication keys to applications and websites. To understand Apple’s Passkey system, it’s important to know a little bit about WebAuthn.

What is WebAuthn and Cryptographic Attestation?

WebAuthn is a browser API that allows users to authenticate themselves using cryptographic attestation.

Cryptographic attestation is a way of verifying the identity of a user or device using cryptographic techniques. This generally involves the use of digital signatures, which can be used to verify that a piece of data has not been tampered with and that it came from the expected source. Cryptographic attestation can be used to verify the identity of a user, device, or even a piece of software. It is a relatively new technique, but it is becoming increasingly popular as a way to secure online communications and accounts.

WebAuthn provides a more secure way of authenticating users, as it is more difficult to spoof or steal authentication keys than a simple password, especially when they’re secured in an SoC. This technique has been used frequently by more savvy tech enthusiasts over the past few years, and even more so by Linux OS geniuses. However, Apple is making this more available to the masses by bringing it to the platform. As we’ve often said about Apple and the whole tech industry – what Apple does, the whole industry follows (do you remember the good old days when we had headphone ports on phones?).


How does Apple’s Passkey work?

Apple’s Passkey uses WebAuthn to pass private keys through browsers and applications. Apple uses Touch ID or Face ID to verify secure keys and pass them to your application for login. These secure keys aren’t human-friendly; they’re typically a long string of characters that not even Sherlock could remember. This technology would not only completely remove the need for passwords but also help secure your valuable data assets or accounts.
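To make the signature check behind a WebAuthn sign-in concrete, here is an added example (not Apple’s code and not from the original article) of what a website verifies, following the WebAuthn layout: the device signs the site’s challenge, and the browser records the origin that asked for it. Host names, function names and the key pair are constructed for the illustration; a real authenticator would not offer the passkey to the look-alike site at all, and the example lets it sign only to show that the server-side check fails as well.

```javascript
// Added example with constructed data; function and host names are hypothetical.
const crypto = require('crypto');
const sha256 = (data) => crypto.createHash('sha256').update(data).digest();

// Registration: the device creates a key pair and the site stores only the public key.
const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });

// Device and browser side. The browser, not the web page, fills in `origin`.
function signAssertion(origin, rpId, challenge) {
  const clientDataJSON = Buffer.from(JSON.stringify({
    type: 'webauthn.get', challenge: challenge.toString('base64url'), origin }));
  // authenticatorData = SHA-256(rpId) || flags (0x05: user present and verified) || counter
  const authenticatorData = Buffer.concat([sha256(rpId), Buffer.from([0x05, 0, 0, 0, 1])]);
  const signature = crypto.sign('sha256',
    Buffer.concat([authenticatorData, sha256(clientDataJSON)]), privateKey);
  return { clientDataJSON, authenticatorData, signature };
}

// Website (relying party) side: every check must pass before the user is logged in.
function verifyAssertion(a, expected) {
  const clientData = JSON.parse(a.clientDataJSON.toString('utf8'));
  if (clientData.type !== 'webauthn.get') return 'bad type';
  if (clientData.challenge !== expected.challenge.toString('base64url')) return 'bad challenge';
  if (clientData.origin !== expected.origin) return 'bad origin';
  if (!a.authenticatorData.subarray(0, 32).equals(sha256(expected.rpId))) return 'bad rpId';
  if ((a.authenticatorData[32] & 0x01) === 0) return 'user not present';
  const signed = Buffer.concat([a.authenticatorData, sha256(a.clientDataJSON)]);
  return crypto.verify('sha256', signed, expected.publicKey, a.signature) ? 'ok' : 'bad signature';
}

function demo() {
  const expected = { origin: 'https://shop.example', rpId: 'shop.example',
    challenge: crypto.randomBytes(32), publicKey };
  const genuine = signAssertion(expected.origin, expected.rpId, expected.challenge);
  // Look-alike page relays the real site's challenge; the browser still records its own origin.
  const phished = signAssertion('https://shop-login.example', 'shop-login.example',
    expected.challenge);
  // Swapping in the genuine fields afterwards leaves a signature that no longer matches.
  const relabelled = { ...phished, clientDataJSON: genuine.clientDataJSON,
    authenticatorData: genuine.authenticatorData };
  return { genuine: verifyAssertion(genuine, expected),
    phished: verifyAssertion(phished, expected),
    relabelled: verifyAssertion(relabelled, expected) };
}

console.log(demo());
```

Unlike a password typed into a spoofed page, the signed response is tied to the site it was produced for, so it is useless when replayed to the real one.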


“Because it’s just a single tap to sign in, it’s simultaneously easier, faster and more secure than almost all common forms of authentication today”

Garret Davidson, an Apple Engineer on the Apple Authentication team

Apple is currently working with the FIDO Alliance – an open industry association with one focused mission: “Authentication standards to reduce the world’s over-reliance on passwords”. This is great news for the tech industry as a whole. Regardless of whether you’re an individual or a business, we can’t stress the importance of Cyber Security enough. If you’re interested in hardening your Cyber Security, please get in touch today!

Passkey built on Apple’s Secure Enclave

Apple’s Passkey will be built upon their ‘Secure Enclave’, which is a secure isolated chip on Apple’s SoC. This guarantees further security against hardware attacks and key tampering. If you’re interested in Apple’s Secure Enclave, we suggest you read their article on the support site listed above.

image – Secure Enclave SOC Diagram

Apple Passkey is for the greater good.

Apple’s passkeys app is a great step forward in the fight against phishing attacks. It’s also a significant leap forward in user experience. Whether you love or hate Apple, this news is most likely going to have a domino effect on the rest of the industry. Hopefully, in 10 or so years’ time, we can confidently say phishing attacks are a thing of the past!

It’s important to remember that there are other ways that attackers can exploit people. It’s important you protect your boundaries as a business or an independent tech user. Get in touch if you’re interested in becoming Cyber Secure. Contact us today!



