
Apple Passwordless Future Brings Passkeys Into Focus

June 22, 2022 | Brooke Crothers

Machine identity management, as offered by Venafi, and human identity management are looking increasingly similar as major tech companies like Apple move to a passwordless future.

Making passwords passé

Every day, cybersecurity headlines highlight the intrinsic failings of passwords. Large-scale phishing attacks and massive data breaches are almost invariably password-related.

Apple wants to fix this by moving to passkeys. Simply put, passkeys provide a passwordless sign-in for websites and apps. For users, passkeys scream convenience. On an Apple device, a quick Face ID sign-on, for example, is all that’s needed.

But convenience isn’t the impetus behind passkeys. It’s security.

Here’s how Apple describes the benefits of passkeys:

“Passkeys are a standard-based technology that, unlike passwords, are resistant to phishing, are always strong, and are designed so that there are no shared secrets. They simplify account registration for apps and websites, are easy to use, and work across all of your Apple devices, and even non-Apple devices….”

--About the security of passkeys, Apple

FIDO sets the standard

While Apple is a leading advocate of a passwordless future, it is joined by other big tech companies such as Google and Microsoft in backing a standard set by the Fast Identity Online Alliance (FIDO), which comprises over 250 companies. The goal is to create a common format for online authentication.

“The key thing is, we’re not sending any human-readable secrets over the network,” Andrew Shikiar, executive director and chief marketing officer of the FIDO Alliance, told the Wall Street Journal.

The newest FIDO standard promises to offer authentication for a website or an app regardless of the OS platform. And users won’t have to re-enroll every account.

Elements of a robust machine identity management model

Apple passkeys are built on the Web Authentication (WebAuthn) standard, which uses public key cryptography. Public key cryptography, or asymmetric cryptography, uses a pair of keys: a public key (accessible by others) and a private key on the device (not accessible by anyone except the owner of the device).

Based on the Public Key Infrastructure (PKI), public key cryptography is used in machine identity management, as described by Venafi.

And there are foundational commonalities to a passwordless framework as described by Apple, says Pratik Savla, Senior Security Engineer at Venafi.

“Machines and Machine Identity Management are central to this setup as this approach involves binding a credential to a particular origin and hence makes a machine (device) very crucial for correct identification,” according to Savla.

“This model makes physical security of the device as well as the security of the underlying OS of prime importance. The OS vendors will more or less become the sole identity providers in this setup,” Savla said.

But this doesn’t mean the passwordless future is flawless.

“This in turn would make passwordless keys an attractive target of attackers,” according to Savla. “Additionally, it creates a single point of failure,” he added.

Venafi and Axiad partner on passwordless authentication

To make a passwordless future more secure, in March, Axiad, a provider of cloud-based passwordless authentication for users and machines and a member of the FIDO Alliance, announced a technology partnership with Venafi to help customers manage credentialing needs.

Axiad Cloud provides enterprise PKI integrated with Venafi for automated machine identity management.

“As digital transformation accelerates and traditional security perimeters disappear, identity is no longer just about users,” Axiad said in the press release.

The number of machines on enterprise networks, including mobile devices, workstations, applications and IoT devices, is continuing to grow, with machines outnumbering people by more than three to one, Axiad said.

“Each machine requires a unique credential, or digital certificate, to authenticate and establish trust…The failure to adequately track, maintain and update all of the digital certificates across a network exposes organizations to a much higher risk of attack. It can also result in costly business stoppages if these certificates expire,” Axiad said.
