At WWDC, Apple just announced Passkeys, their implementation of the FIDO protocols that aim to replace passwords. In Apple’s case, this capability will be available with iOS 16 and macOS Ventura, probably this fall. The other vendors are doubtless planning similar releases on a similar timeline.
Dan Moren from Six Colors has a post that gives a nice explanation of Passkeys and how end users operate them. If you’re an Apple user with some or all of your passwords stored in the Apple iCloud Keychain, nothing much will change: you’ll authenticate with a fingerprint or Face ID, and a cryptographic exchange takes place between your device and the remote site to verify you. You can even use one device to log into another. Take a look at Moren’s post for the details.
The Passkeys mechanism will do a lot to improve security. If nothing else, there will be no more “123456” or “password” vulnerabilities floating around. Of course, the scammers will still be out and about trying to get your credentials, but it’s going to be much harder for them. At present, there’s no way to share a key other than through AirDrop, so it will be harder to scam victims into giving up their keys, especially since, from the user’s point of view, the key is their biometric information. Doubtless the scammers will find ways to probe the system, but it’s going to be more secure than passwords.