Apple Passkeys Are Here – But Microsoft Leads the Way with Passwordless Authentication

LISTEN ON:

According to the tech press, ‘it’ doesn’t exist until Apple announces it first. In this case, Apple passkeys. But you can already use Microsoft’s implementation of passwordless authentication today on Windows, iOS, and Android.

Microsoft has been pushing and implementing passwordless authentication for years. But you’d think that Apple had invented passkeys, judging by some of the headlines that have appeared over the last few days.

Exclusive: Apple just showed us how it will kill the password forever (Tom’s Hardware)

Apple Just Killed the Password—for Real This Time (Wired)

Apple ‘passkeys’ could finally kill off the password for good (TechCrunch)

Apple passkeys – Apple announced its implementation of passwordless authentication at WWDC22

Apple announced that it would be implementing FIDO2 passwordless authentication, which is an open security standard supported by among others Microsoft, Google, and Apple, back at WWDC earlier this year. And that its implementation will be called passkeys.

The FIDO2 standard for passwordless authentication used by Apple passkeys
The FIDO2 standard for passwordless authentication used by Apple passkeys

But Microsoft, Google, and Apple have been behind the FIDO2 initiative from early on, so this isn’t an Apple exclusive, like some of the headlines would have you believe.

Where did this all start?

Ricky Mondello, who is a software engineering manager at Apple, started a thread on Twitter to raise awareness of passkeys in upcoming Apple software releases. And then Alex Simons, Corporate Vice President, Microsoft Identity Division, chimed in to remind people about Microsoft’s solution.

Apple or Microsoft passkeys?

Apple is often putting its name in front of ‘passkeys’, using its own San Francisco font, and a custom logo. But the term passkeys will be used by Microsoft as well, which was confirmed by Simons.

Alex Simons confirms Microsoft will also adopt the passkeys name
Alex Simons confirms Microsoft will also adopt the passkeys name

Microsoft support for passwordless authentication

Microsoft has supported passwordless for ‘work and school’ accounts for a couple of years, first in preview and then in general availability since March 2021. And then introduced passwordless support for personal Microsoft accounts in September 2021

Microsoft passwordless solution can be used wherever you can install the Microsoft Authenticator app, including on iOS. And Microsoft passwordless logins work with Windows Hello and Windows Hello for Business, Microsoft’s biometric authentication technology that’s built into Windows 10 and Windows 11.

Microsoft has no doubt been leading the way on passwordless authentication. And while Google and Apple are both working on their own FIDO2 implementations, both are much later to the game than Microsoft.

Microsoft is bringing full support for logging into its services using Apple’s implementation of passkeys in the near future to iOS and other Apple platforms. And Google plans to open the developer tools needed to implement passkeys on Android “towards the end of 2022.”

What should you do to use passwordless authentication now?

You can make use of passwordless for Microsoft ‘work or school’ accounts and Microsoft Accounts (MSAs) today. Passwordless is supported in Windows, Microsoft Edge, and via the mobile Authenticator app for Android and iOS. For instance, you might enable passwordless login for your outlook.com account or your organization might do it for your Microsoft 365 login.

Microsoft announced the generally availability of passwordless authentication
Microsoft announced the generally availability of passwordless authentication

If you haven’t already done so, investigate how Windows Hello and Windows Hello for Business helps enable passwordless by adding biometric login support on Windows.

And if you’re an Apple user, then upgrade to iOS 16 and macOS Ventura in the fall.

Apple finally getting it together with their passwordless implementation

Despite all the fuss, Apple is finally getting it together with their passwordless implementation. And that can only be a good thing for security as a whole. The wider support passwordless authentication has, the closer we all get to eliminating passwords.

And while I don’t like the way the tech press often conveys Apple as innovators of everything, there’s no doubt the company has considerable sway in the tech that’s adopted in the consumer market.

And having built-in support to the OS is better than needing to install an app for passwordless support.

Apple’s FIDO2 implementation

Apple’s FIDO2 implementation looks quite interesting. For instance, when creating the initial keypair, Apple uses Bluetooth to check proximity of the authenticator device, which I don’t think Microsoft does. It’s worth watching the Apple passkeys presentation at WWDC to see how the presenter, Garrett, starts to choke up with emotion when he introduces passkeys at the beginning.