Here’s how to start replacing your phone’s passcode with passcode
We know the problems with passwords: They’re easy to forget, and easy for hackers to guess or brute force or download from a public data leak. That’s why tech companies are rushing to replace them with something more secure, which in most cases means the biometric data you use to unlock your phone.
While it’s not technically impossible for a particular third party to bypass any security measure, you can’t mistakenly enter your fingerprint into a fake banking website, and you’re unlikely to find your face available for download on the dark web. The risk of being hacked decreases considerably.
There are several approaches to making systems passwordless, and in the latest iOS 16 and iOS 16.1 updates, a technology called passcode has been added. These passkeys are cryptographic elements that involve a key pairing: One key is public, registered with the app or website you sign in, and the other key is private and stored on your devices.
This is by no means an approach exclusive to Apple devices, and pretty much everyone starts with password technology (or something like that). Google is at a slightly different stage in implementing these systems than Apple, although support from apps and websites is also required.
This article will walk you through the new features available on iPhone, plus also explain what’s coming to Android phones.
Passkeys on iOS
In the case of iOS, passwords work through the iCloud Keychain, so you must have this is enabled on your iPhone (for synchronizing passwords and other data between devices). You also need to use two-factor authentication for your Apple ID, which you should definitely enable anyway if you haven’t already. With these steps completed, and the latest iOS software installed, you’re ready to passcode.
To actually use passwords, you need to sign in to (or create a new account for) a service with password support. Choice is pretty limited at the moment, but apps including PayPal, eBay and the travel app Kayak already offer a password option – when you create new accounts or log into existing accounts on an iPhone using these apps, you’ll be asked if you want to create a access key.
All you need to do when the password is displayed is Print Continue (the second option, Save on another device, is for when using a public or shared device). You will be prompted for Face ID or Touch ID verification, and once done, you’re ready – your password has been created. When you need to sign in to this app in the future, you’ll need to confirm that you want to use a password, and then use your face or fingerprint again.
Since iCloud Keychain handles syncing passwords between different devices, you can recover your credentials if you lose access to one of them. It is also a recovery process in place to help you recover your information if you lose access to all of your devices at once. In theory, at the very least, the new system should be both more convenient and safer for end users.
Passkeys on Android
Over on Android, Google is a bit behind Apple with passkey support, but not by much. As on iOS, it’s going to take a while for all your favorite apps, websites and digital services to be upgraded to work with passwords, but says Google that both Android and the Chrome browser are now compatible with the feature in beta form. By the end of 2022, it should arrive in the stable software most of us use.
When it gets here, it’s going to work the same way it does on iOS. Load up a password-ready app or website, try to sign in or create a new account, and you’ll see a message asking if you want to use a password. Say yes, verify your identity using whatever technology your phone has to protect the lock screen (usually a fingerprint sensor if you’re using Android), and you’re good to go.
Login will work in a very similar way. You can also sign in to apps and websites on other devices using your password and your Android phone: These apps and websites will display a QR code, which you can then scan on your smartphone. The same verification process is started, and once your phone has verified that you are who you say you are, it will be communicated back to the other device.
Google Password Manager is about to add password support as well, meaning your encrypted logins will be synced everywhere your Google Account is used. As is the case today, how often you need to verify your identity will depend on the app and website: probably every time you open your banking app, for example, but not so much when you’re just browse social media.