Here’s how to start replacing your phone’s passcode with passcode
Passwords are out, fingerprints (and faces) are in.
We know the problems with passwords: They’re easy for you to forget, and easy for hackers to guess or brute force or download from a public data leak. That’s why tech companies are rushing to replace them with something more secure, which in most cases means the biometric data you use to unlock your phone.
While it’s not technically impossible for a particular third party to bypass any security measure, you can’t mistakenly enter your fingerprint into a fake banking website, and you’re unlikely to find your face available for download on the dark web. The risk of being hacked decreases considerably.
There are several approaches to making systems passwordless, and in the latest iOS 16 and iOS 16.1 updates, a technology called passcode has been added. These passkeys are cryptographic elements that involve a key pairing: One key is public, registered with the app or website you sign in, and the other key is private and stored on your devices.
This is by no means an approach exclusive to Apple devices, and pretty much everyone starts with password technology (or something like that). Google is at a slightly different stage in implementing these systems than Apple, although support from apps and websites is also required.
This article will walk you through the new features available on the iPhone, as well as explain what’s coming to Android phones.
Passkeys on iOS
In the case of iOS, passwords work through iCloud Keychain, so you need to have this enabled on your iPhone (for syncing passwords and other data between devices). You’ll also need to use two-factor authentication for your Apple ID, which you should definitely enable anyway if you haven’t already. With these steps completed, and the latest iOS software installed, you’re ready to passcode.
To actually use passwords, you need to sign in to (or create a new account for) a service with password support. Choice is pretty limited at the moment, but apps including PayPal, eBay and the travel app Kayak already offer a password option – when you create new accounts or log into existing accounts on an iPhone using these apps, you’ll be asked if you want to create a access key.
Kayak is an app that already offers password support.
All you have to do when the password is displayed is press Continue (the second option, Save on another device, is for when using a public or shared device). You’ll be prompted for Face ID or Touch ID verification, and once that’s done, you’re good to go – your password is created. When you need to sign in to this app in the future, you’ll need to confirm that you want to use a password, and then use your face or fingerprint again.
Since iCloud Keychain handles syncing passwords between different devices, you can recover your credentials if you lose access to one of them. There’s also a recovery process in place to help you get your information back if you lose access to all your devices at once. In theory at least, the new system should be both more convenient and safer for end users.
Passkeys on Android
Over on Android, Google is a bit behind Apple with passkey support, but not by much. As on iOS, it’s going to take a while for all your favorite apps, websites and digital services to be upgraded to work with passwords, but Google says both Android and the Chrome browser are now compatible with the feature in beta form. By the end of 2022, it should arrive in the stable software most of us use.
When it gets here, it’s going to work the same way it does on iOS. Load up a password-ready app or website, try to sign in or create a new account, and you’ll see a message asking if you want to use a password. Say yes, verify your identity using whatever technology your phone has to protect the lock screen (usually a fingerprint sensor if you’re using Android), and you’re good to go.
Passkey support is coming to Android and Chrome.
Login will work in a very similar way. You can also sign in to apps and websites on other devices using your password and your Android phone: These apps and websites will display a QR code, which you can then scan on your smartphone. The same verification process is started, and once your phone has verified that you are who you say you are, it will be communicated back to the other device.
Google Password Manager is about to add password support as well, meaning your encrypted logins will be synced everywhere your Google Account is used. Like today, how often you have to verify your identity will depend on the app and website: probably every time you open your banking app, for example, but not so much when you’re just browsing through social media.
More from Gizmodo
Sign up for Gizmodo’s newsletter. For latest news, Facebook, Twitter and Instagram.
Click here to read the full article.