Passkeys on macOS
May 30 2024
I've started setting up Passkeys on sites that support them. With Safari when I go to a site that has Passkeys set up I login with a click -- not really faster than the browser auto-filling in user/pass. The advantage is that on the wire the browser and web site send a one-time token back and forth so you can't intercept then eventually decrypt the password.
When I'm using my Windows partition if a web site has Passkeys I can choose external phone -- I don't have Passkeys set up on my Windows partition -- then the site shows a QR code which I can scan with my phone and then verify with thumbprint (I have an iPhone with TouchID) and it logs in. This is more time than doing it the old way but maintains high security.
On macOS the setup is stored in iCloud so available on all your other devices and at least with Safari and any other browser that uses iCloud Keychain (for example, Chrome supports Passkeys on iCloud Keychain).
When I'm using my Windows partition if a web site has Passkeys I can choose external phone -- I don't have Passkeys set up on my Windows partition -- then the site shows a QR code which I can scan with my phone and then verify with thumbprint (I have an iPhone with TouchID) and it logs in. This is more time than doing it the old way but maintains high security.
On macOS the setup is stored in iCloud so available on all your other devices and at least with Safari and any other browser that uses iCloud Keychain (for example, Chrome supports Passkeys on iCloud Keychain).