Opinions

Jamf’s Michael Covington discusses Apple Passkeys, the company’s password-less tech

Apple is paving the way for password-less technology, implementing multi-factor authentication to replace the traditional password for iOS 16, iPadOS 16, and macOS Ventura.

About Passkeys

At this summer’s Worldwide Developer Conference, the tech giant announced Passkeys, a replacement for passwords that are “designed to provide websites and apps a password-less sign-in experience that is both more convenient and more secure.”

Apple says that Passkeys are a standard-based technology that, unlike passwords, are resistant to phishing, are always strong, and are designed so that there are no shared secrets. They’re designed to simplify account registration for apps and websites, are easy to use, and work across all of your Apple devices, and even non-Apple devices within physical proximity.

Users will be able to easily use Face ID and Touch ID to authenticate their account, but just how picture-perfect is this safety feature in dealing with phishing, bots, and other cybersecurity risks? 

With 85% of users using the same password for multiple accounts and the most common password in the US is still “123456,” it’s evident that password protection is in need of an update – and passkeys may be the next-generation of account security. 

Michael Covington’s take

Michael Covington, vice president of Portfolio Strategy at Jamf, which specializes in Apple Enterprise Management, discussed his thoughts on the Apple iOS 16 launch more with Apple World Today. Here are some of his thoughts: 

Security concerns following the first iOS 16 rollout

“One noteworthy security feature coming with iOS 16 caught my eye; the introduction of Rapid Security Response. With this new model, important security fixes will be delivered separately from broader iOS updates which means faster patches and more transparency since security update details won’t be buried within lengthy release notes.Of course, every major OS update can be a challenge for companies with a large population of mobile and remote workers. IT teams have to figure out how to get devices quickly updated without breaking any critical applications running on them, this is especially true for business running custom applications.

“However, any delay to updating software can open up devices to risk especially when a new software update contains a security patch. That’s why I think the separation of security updates is ultimately a good thing for businesses; they will now be able to differentiate between the time-sensitive updates and those that are less critical.”

Why passwordless platforms still walk a fine line with phishing

“Phishing isn’t just about sign-in details, there are many forms of social engineering that can lead to PII theft, malware installation and more, and these techniques don’t rely on stolen passwords, they rely on user error. So in a business setting, fostering a culture of security awareness by training users to spot phishing is and always will be necessary. Additionally, it’s going to take time for app developers and website operators to embrace Passkey technology. Not every site and app is going to support it on day 1.

“Passkey is a great technology, particularly for consumers who might not currently use a password manager. But when it comes to enterprise use, there is always a need for layers of defense. Businesses should not rely on any single technologyto protect their sensitive data. Beyond Passkey, businesses should be layering on critical device and patch management tools, endpoint security, and web filtering technologies that work together to protect the user from a variety of threats.”

What exactly a passwordless future entails

“Passwordless technologies will lead to a future where the virtual and physical worlds are more natural — and secure — to interface with and access. Biometrics will become the user-facing layer of security that unlocks the use of passwords, key cards, and other protective mechanisms. Gaining physical access to not just your office space but potentially also your home, with your device by using the same workflows as you use to unlock your phone, your applications or digital wallet is an amazing concept! This is what passwordless starts to unlock. “This is technology Jamf is already using to allow employees to access Jamf offices using their Jamf credentials stored within Apple Wallet, eliminating the need for them to use a physical badge.”

Dennis Sellers
the authorDennis Sellers
Dennis Sellers is the editor/publisher of Apple World Today. He’s been an “Apple journalist” since 1995 (starting with the first big Apple news site, MacCentral). He loves to read, run, play sports, and watch movies.