Can Apple Passkeys Prevent Phishing Attacks?

Facebook
Twitter
LinkedIn
Apple Passkeys

Apple WWDC 2022 was held earlier this week, and they brought us some interesting news about their products and services. One of the most exciting announcements was about their new ‘Apple Passkeys’ app. This app allows you to access websites and services without the use of a password, and without sending a password over the internet. This could potentially eliminate the need for passwords altogether, and prevent phishing attacks.

Phishing attacks are a serious problem that affects millions of people every year. These attacks usually involve someone spoofing a website or email in order to steal your login credentials. There are a few effective ways to prevent phishing attacks. One of which is to add email filtering, which is a software solution aimed at preventing and disrupting un-authorised or suspicious emails before they reach your inbox. The success rate of email filtering is good, but typically doesn’t catch anything.

The emails that do manage to pass through email filtering can often be extremely convincing. It takes well-informed users to spot the key giveaways that mark the mail or spoofed web pages as suspicious. Phishing attacks typically arise in the form of a very convincing email appearing from a company you trust. For example: Royal Mail, Amazon, Google, Paypal etc. If you’d like to know more about phishing attacks, here are Phishing Attack trends to look out for in 2022 .

What is Apple Passkey?

With Apple’s new passkeys app, there will be no need for passwords when using an IOS/ MacOS device. It’s impossible for someone to steal something that doesn’t exist! Apple’s Passkey is structured on the Web Authentication API (WebAuthn). It’s an application/ API that would use apples biometric technology (touch ID and Face ID) to pass secure authentication keys to applications and websites. In order to understand Apple’s Passkey system, it’s important you know a little bit about WebAuthn.

What is WebAuthn and Cryptographic Attestation?

WebAuthn is a browser API that allows users to authenticate themselves using cryptographic attestation.

Cryptographic attestation is a way of verifying the identity of a user or device using cryptographic techniques. This generally involves the use of digital signatures, which can be used to verify that a piece of data has not been tampered with and that it came from the expected source. Cryptographic attestation can be used to verify the identity of a user, device, or even a piece of software. It is a relatively new technique, but it is becoming increasingly popular as a way to secure online communications and accounts.

WebAuthn provides a more secure way of authenticating users, as it is more difficult to spoof or steal authentication keys than a simple password, especially when they’re secured in a SOC. This technique has been used frequently by more savvy tech enthusiasts over the past few years, and even more so by Linux OS geniuses. However, Apple is making this more available to the masses by bringing it to the platform. As we’ve often said about apple and the whole tech industry – what Apple does, the whole industry follows (do you remember the good old days when we had headphone ports on phones?)

Screenshot 2019 12 01 at 11.06.31

How does Apples Passkey work?

Apples Passkey uses WebAuthn to pass private keys through browsers and applications. Apple uses Touch ID or Face ID to verify secure keys and pass them to your application for login. These secure keys aren’t human-friendly, they’re typically a long string of characters that not even a sherlock could remember. This technology would not only completely remove the need for passwords but also help secure your valuable data assets or accounts.

george prentzas SRFG7iwktDk unsplash 1

“Because it’s just a single tap to sign in, it’s simultaneously easier, faster and more secure than almost all common forms of authentication today”

Garret Davidson, an Apple Engineer on the Apple Authentication team

Apple is currently working with the Fido Alliance – an open industry association with one focused mission: “Authentication standards to reduce the world’s over-reliance on passwords”. This is great news for the tech industry as a whole. Regardless of whether you’re an individual or a business, we can’t stress the importance of Cyber Security enough. If you’re interested in hardening your Cyber Security, please get in touch today!

Passkey built on Apples Secure Enclave

Apples Passkey will be built upon their ‘Secure Enclave’. Which is a secure isolated chip on Apples SOC. This guarantees further security against hardware attacks and key tampering. If you’re interested in Apples Secure Enclave we suggest you read their article on the support site listed above

image
support.apple.com – Secure Enclave SOC Diagram

Apple Passkey is for the greater good.

Apple’s passkeys app is a great step forward in the fight against phishing attacks. It’s also a significant leap forward in user experience. Whether you love or hate apple, this news is most likely going to have a domino effect on the rest of the industry. Hopefully, in 10 or so years’ time, we can confidently say phishing attacks are thing of the past!

It’s important to remember that there are other ways that attackers can exploit people. It’s important you protect your boundaries as a business or an independent tech user. Get in touch if you’re interested in becoming Cyber Secure. Contact us today!

Share:

Facebook
Twitter
Pinterest
LinkedIn

One Response

Leave a Reply

Your email address will not be published.

Social Media

Most Popular

Get The Latest Updates

Subscribe To Our Weekly Newsletter

No spam, notifications only about new products and updates.

- Thanks for Reading!

Related Posts

Phishing attack trends

Phishing attack trends 2022

Phishing attacks are on the rise, and they’re only going to become more prevalent in 2022. In this blog post, we will discuss the trends that we are seeing in phishing attacks and what you need to do to protect your business.

Chloe Henderson - ITC Service

The New ITC Customer Portal

We’re proud to announce our new ITC Customer Portal https://itcservice.myportallogin.co.uk/ Our customer portal is a new and exciting way to log tickets and check up

allow us to help you, speak to peter.

Don’t Be A Stranger… reach out to us

Just write down some details and our fantastic team members will be in touch.

Contact Info