Apple knows that passwords alone are a flawed method of securing your accounts. They are often lost, forgotten, or end up in breaches. It was with this in mind that the iPhone maker this year joined the FIDO Alliance, an organization dedicated to reducing reliance on passwords and moving towards new authentication methods including security keys and biometrics such as Face ID and Touch ID.
Now Apple is building on its FIDO membership even further, by making the bold security move to add Touch ID and Face ID to its Safari browser to allow iPhone and iPad users to authenticate themselves across the web.
The iPhone maker announced the new move to bring Touch ID and Face ID to the web in Safari 14 at its WWDC conference this week. It’s able to do this because of the FIDO2 standards’ Web Authentication (WebAuthn) API, which allows developers to build this form of authentication into their websites.
When the capability arrives later this year, you will be able to enable Face ID or Touch ID on your iPhone or iPad after initially authenticating yourself to a site. The website owner will then prompt you to use biometric authentication via a pop-up box on your next visit.
At first it will only be possible on your iPhone or iPad, but Apple has recently patented biometric authentication on MacBooks too.
As well as via apps, Apple users can already authenticate themselves via the Autofill function while browsing using Face ID or Touch ID. This is convenient but still typically sends a password to the service provider.
But the new login alternative in Safari 14 provides a higher level of security because it’s based on cryptographic keys instead of passwords.
Apple’s new security move is important for all users
Apple isn’t the first to add WebAuthn to its browser—Google and Microsoft are also using this technology via Chrome and Edge—but the iPhone maker’s move is still very significant.
Apple has a way of making complex security protocols simple for a wide consumer audience. It’s already bought security keys such as the Yubico YubiKey to more users, and its Keychain password manager is a great entry level product for those not accustomed to using this sort of service.
Apple is also working on an open source project to help make passwords stronger for everyone across the web.
Andrew Shikiar, executive director of the FIDO Alliance calls Apple’s new security move “a huge step forward in the industry’s movement beyond passwords.”
If this Safari 14 update is as intuitive as its previous security features, Apple users will just use it without thinking. And if its more commonplace to use your face or fingerprint to access a website, people use it across browsers or services—ultimately improving security for everyone.