Safari 14 will allow you to log into websites with your face or finger

Apple's Safari icon on an iPhone screen

Stephen Shankland / CNET

With Safari on iOS 14, MacOS Big Sur, and iPadOS 14, you can log in to websites using Apple Face ID and Touch ID biometric authentication. That is a powerful endorsement for technology called FIDO – Fast online identity: you are paving the way to a password-free future.

Apple unveiled biometric authentication support at Safari on Wednesday at WWDC, its annual developer conference. “It is much faster and safer,” Apple Safari programmer Jiewen Tan said during one of the WWDC video sessions Apple offered after the coronavirus pandemic brought the conference online.

The change is a major boost to browser technology called Web Authentication, also known as WebAuthn, developed by allies in the FIDO consortium. Apple isn’t the first supporter – it’s already on Mozilla Firefox, Google Chrome, and Microsoft Edge, and it works with Windows Hello facial recognition and Android fingerprint authentication.

But with Apple’s influence on the smartphone market and its focus on making the technology easy for ordinary people to use, the company’s support sends a strong signal to both website developers and ordinary people. , saying in effect: “Come on, the water is fine.” That could be a great step to remove passwords entirely.

And it’s time to fix the passwords. Because we reuse them so much, hackers can often use a single password obtained through a data breach to mount attacks on many other websites as well. Passwords are difficult to invent, difficult to remember, and difficult to write, especially on phone screens. Password managers are complex and often experience compatibility problems.

Repairing passwords, then replacing passwords

FIDO technology reinforces the many weaknesses of password technology and enables passwordless authentication. Standardizes how applications and websites can take advantage of hardware security keys and biometric authentication.

That means reinforcing passwords with two-factor authentication systems that are more secure than archival SMS codes. And it enables two-factor authentication without passwords. Your first authentication is to have a registered device: a phone, a PC, or a security key. His second is the biometric check: face or fingerprint.

What’s smart about the approach is that it reduces two-factor authentication to one step. That’s much faster than retrieving a login code from a text message, email, or authentication app.

To go to the FIDO login, you will have to skip a hoop once to register your device, such as a Mac or iPhone.

Apple recommends that websites adopt FIDO login technology. This is what enrollment would look like: A user signs in as usual, sees a message to enable fingerprint or fingerprint login, and then grants permission. The next time you log in, you will go directly to fingerprint authentication.

Apple; Stephen Shankland / CNET animation

Phishing block

A great advantage of FIDO is that it blocks phishing, since login credentials are blocked on the actual version of a website. Another benefit is that, for an online service that downloads passwords, there are no passwords that hackers can steal.

In fact, when Google switched its employees to FIDO hardware and technology security keys to strengthen authentication, successful phishing attacks fell to zero, the company said.

Apple’s Tan’s does not recommend that websites download passwords, at least not yet. Old-school username and password login is an alternative for people who lose their phone or forget their laptop.

But one of the main ideas of FIDO is to finally eliminate passwords. Getting website developers to use it is a crucial step on that path.