authentication – Can Passkeys act as FIDO2 U2F devices, replacing YubiKeys?


To put it more precisely, can Apple’s new Passkeys feature allow Apple devices to basically use their built-in Secure Enclaves like built-in U2F devices, replacing external USB security dongles like YubiKeys? So your two-factor authentication (2FA) factors become “something you have” (an Apple device with your Passkey private keys in the Secure Enclave), and “something you are” (your face/fingerprint biometrics)?

I seem to recall that the new Passkeys feature that Apple announced at WWDC 2022 to be in Apple’s Fall 2022 OS updates (iOS 16, macOS 13 Ventura, Safari 16, etc.) seems to be built, at least in part, on industry-standard authentication schemes such as FIDO2.

I know FIDO2 is what allows “Universal Second Factor” (U2F) devices like YubiKey USB dongles to work as physical multifactor authentication (MFA) devices.

Putting these two things together, does that mean that the Passkeys feature will allow me to use my Apple devices (via FaceID/TouchID and Secure Enclave) as FIDO2 U2F devices, obviating the need for dedicated U2F USB dongles such as YubiKeys?

For a concrete example, when signing into Amazon Web Services (AWS), one option for MFA is to use FIDO2 to support things like YubiKeys; this keeps you from needing to bother with getting a 6-digit TOTP code from an authenticator app, or using insecure SMS to get a code sent to you. I'm hoping I'll be able to select that MFA method on AWS but set it up to use Passkeys instead of needing a YubiKey.