Series of passwordless authentication tools and partnerships unveiled
Apple is making good on its recent statements about the virtue and attainability of no-password biometric credentials. Passkeys for MacOS Ventura are in beta testing now or soon will be, according to Apple, with final code ready by yearend.
According to numerous reports, passkeys for iOS 16 and iPadOS 16 could follow the same timeline.
Passkeys will replace the need for password authentication for each device, app and online service that a person uses by employing the Web Authentication API, which uses cryptographic key pairs. Each passkey is “intrinsically” and uniquely created for each account created for an app or web site, according to Apple.
The public half of each key pair is stored on secured servers, making theft unlikely. The secret portion of the key is on the user’s device. Apple claims passkeys cannot be guessed or reused.
Verification takes place with Apple’s Face ID and Touch ID. As far as most users are concerned, thumb and face biometrics take the place of a password when setting up an account or logging in somewhere.
They are based on standards created by FIDO Alliance and the World Wide Web Consortium. Executives at Apple, Google and Microsoft said last month they would work together to deliver the final replacement for one of life’s moderate but aggravatingly persistent headaches.
A third-party passkey app has been posted as a preview at the App Store.
LastPass unveils passwordless Authenticator manager
LastPass is adding Authenticator, a password manager that enables passwordless access to data, to its product portfolio.
Pointing to the day’s announcements by “tech giants and identity providers unveiling their plans to enable passwordless (options) across their operating systems, web browsers, devices and applications,” says Chris Hoff, LastPass’ chief security technology officer says his company is already there.
LastPass is early on the scene with a password manager that makes possible secure and “effortless” logins.
Authenticator reportedly makes it easier to manage account credentials and get quick access to the accounts.
The app uses two-factor authentication bolstered with contextual factors like geolocation and IP address.
Later this year, according to LastPass executives, they will add biometric face and fingerprint ID options and hardware security keys that allow users to access their vault of passwords without a master password.
LastPass has had a seat on the FIDO Alliance‘s board of directors since September 2020 and says it is building FIDO2-compliant components.
“Authentication is a critical component of any zero-trust architecture and bringing that to users at scale is how businesses can enable greater security and enhanced user experience,” says Andrew Shikiar, chief marketing officer of FIDO. “We applaud LastPass for continuing to evolve their offerings to bring a passwordless login experience to users around the world, helping to break the dependence on password.”
1Password and Valmido join FIDO
1Password sells passwordless authentication through biometrics or physical tokens like Yubikeys.
Executives are previewing their latest development — enabling 1Password’s desktop app to function as a WebAuthn device. Rather than using dedicated hardware for WebAuthn, which 1Password says creates the risk of being lost, stolen or absent when needed, the private keys are integrated into 1Password instead.
Year-old Valmido sells a multi-app device with biometrics for mobile and web services.
The company’s chief technology executive, Marc Muller, says, “Getting rid of passwords offers a high security level and yet superior user experience with a multi-purpose device based on biometrics with 21st century connectivity. This will help citizens and corporations alike manage and be in control of their digital credentials, while making password- and PIN-related problems history.”