The Evolution of Apple's Security Approach

Not long ago, I expressed my dissatisfaction with Apple, particularly regarding two computers that became nonfunctional due to a persistent bug that the company seemed unwilling to address. Nevertheless, I find myself continuing to use Apple devices. To echo a line from Brokeback Mountain, I wish I could quit Apple, but that’s a discussion for another time. Instead, let’s delve into a promising advancement from this tech giant.

At the recent World Wide Developers Conference, Apple unveiled what many anticipated: an upgraded MacBook Air and updated versions of their core operating systems, iOS 16 and macOS Ventura. The announcements featured various enhancements and aesthetically pleasing designs, but nothing groundbreaking—just incremental improvements.

However, one feature in Ventura piqued my interest. Although it may not have an official title, Cult of Mac summarized it well: Apple has collaborated with the FIDO Alliance to introduce passkeys, which aim to eliminate traditional passwords. Passkeys are unique digital keys that enable users to log into applications and services using Touch ID or Face ID. Unlike conventional passwords, Apple asserts that these passkeys reside solely on your device and aren't stored on any online server, making them immune to leaks or sharing.

As with many of you, I find passwords to be a significant frustration in my daily life. On most days, I struggle to remember my own name, let alone a complex password. Consequently, my security practices are probably lacking.

This new approach from Apple seems to mirror the concept behind Apple Pay. For those unfamiliar, Apple Pay allows users to make purchases without disclosing their credit card information to merchants, effectively mitigating fraud risks. I appreciate this feature and frequently use it.

If Apple is indeed introducing a clever and discreet method for managing passwords—or potentially eliminating them entirely—perhaps we should consider nominating Tim Cook for sainthood!

I don’t claim to be a technology expert, nor do I feel the need to delve deeply into the mechanics behind these innovations. My brain can only accommodate so much information. Nevertheless, I was curious about the term "FIDO Alliance." What exactly is it?

Thanks to Google, I found a concise explanation of the FIDO Alliance's purpose and functionality:

The FIDO protocols leverage standardized public key cryptography techniques to enhance authentication. During the registration process with an online service, the user’s device generates a new key pair. It retains the private key and registers the public key with the service. Authentication occurs when the client device proves it possesses the private key by signing a challenge.

In essence, it resembles Apple Pay, but for user authentication rather than payment. I’m eager to see this technology implemented—preferably yesterday.