These recent Wall Street Journal videos explain the Apple security flaw well.

And we’re back to the basics of how passkeys work; don’t let anyone know what your device passcode is. Be vigilant about your surroundings when entering your passcode in a public place.
 
Yes, it's a security design flaw that Apple allows Keychain access by the phone's passcode. The Keychain should be better protected. It should have the option to be protected by a user defined password or biometrics. Apple's own Notes App has better protection than the Keychain. It allows notes to be locked by a user defined password.
Possibly, but you run the risk of then locking users out of their keychain forever. The notes password option is very clear that you will completely lose all access to locked notes if you forget that password. Again, it’s a balance between security and convenience, and by using the passcode to access keychain, you at least are requesting something the user is likely to remember, and other people are unlikely to know (assuming the user has taken suitable precautions to protect their device passcode).
 
The original poster is correct. Face ID will still require a passcode after 48 hours or after the iPhone restarts. The poster was not saying it would fall back to a passcode.

I think you are confusing the way biometric security works on iOS with the way Bitwarden works, which is a layer on top of Apple’s biometric security.
Sure, but I’m not referring to how it’s implemented under the hood, but rather how an end-user interacts with their security model. For me, I don’t want to use my passcode to access my passwords. Apple’s implementation doesn’t support this use-case whereas third-party password managers do.
 
Possibly, but you run the risk of then locking users out of their keychain forever. The notes password option is very clear that you will completely lose all access to locked notes if you forget that password. Again, it’s a balance between security and convenience, and by using the passcode to access keychain, you at least are requesting something the user is likely to remember, and other people are unlikely to know (assuming the user has taken suitable precautions to protect their device passcode).

At the very minimum, Keychain should be protected by the Apple ID password. Or at least give the user the option to better protect it.
 
The original poster is correct. Face ID will still require a passcode after 48 hours or after the iPhone restarts. The poster was not saying it would fall back to a passcode.

I think you are confusing the way biometric security works on iOS with the way Bitwarden works, which is a layer on top of Apple’s biometric security.

Most financial apps and third-party password manager apps will only accept biometrics or the account password. If biometrics fail, the only fallback is the account password. Not the phone's passcode. Very silly that Apple's Keychain (which is even more important) falls back to the phone's passcode when biometrics fail.
 
At the very minimum, Keychain should be protected by the Apple ID password. Or at least give the user the option to better protect it.
Even though you can’t see it, it’s likely that it is the keychain mechanism that contains the passkey for your iCloud login. It wouldn’t make sense for the passkey to iCloud to be protected by… the iCloud password. It needs to be something different.
 
Most financial apps and third-party password manager apps will only accept biometrics or the account password. If biometrics fail, the only fallback is the account password. Not the phone's passcode. Very silly that Apple's Keychain (which is even more important) falls back to the phone's passcode when biometrics fail.
It has to fall back to something, and be something the user will remember.
 
Even though you can’t see it, it’s likely that it is the keychain mechanism that contains the passkey for your iCloud login. It wouldn’t make sense for the passkey to iCloud to be protected by… the iCloud password. It needs to be something different.

If for some reason the only mechanism for the keychain to be protected is the phone's passcode, at least add better protection options to the user interface that interacts with passwords and passkeys in the keychain, where the biometrics fallback would need to be the Apple ID password.
 
If for some reason the only mechanism for the keychain to be protected is the phone's passcode, at least add better protection options to the user interface that interacts with passwords and passkeys in the keychain, where the biometrics fallback would need to be the Apple ID password.
The fallback for the keychain couldn’t be the Apple ID PW if the passkey to the Apple ID were stored in the keychain.
 
The fallback for the keychain couldn’t be the Apple ID PW if the passkey to the Apple ID were stored in the keychain.

What I'm suggesting as a possible solution is that internally in the OS, if a request is made to access any saved passwords or passkeys in the keychain, it will first try the user's biometrics. If biometrics fail, ask for the passcode so the OS can internally unlock the Keychain, but then require the user to enter the Apple ID password (and compare it to what's saved in the keychain) to be able to see or use any saved passwords or passkeys. This additional keychain protection can be optionally turned on by the user.
 
What I'm suggesting as a possible solution is that internally in the OS, if a request is made to access any saved passwords or passkeys in the keychain, it will first try the user's biometrics. If biometrics fail, ask for the passcode so the OS can internally unlock the Keychain, but then require the user to enter the Apple ID password (and compare it to what's saved in the keychain) to be able to see or use any saved passwords or passkeys. This additional protection can be optionally turned on.
Why not just ask for the passcode? This is already pretty secure.
 
Because the passcode is usually short, numeric and regularly entered in public.
And we are back to making sure you protect your passcode from prying eyes.

There’s nothing intrinsically insecure about entering device passcodes in public, unless you don’t take measures to ensure no one can see what it is. Our banks let us spend huge quantities of money with just a 4 digit PIN that you enter frequently in a public place.

American banks let people spend huge quantities of money by just signing a bit of paper, with the signature usually in plain view on the back of the card!

I’m not sure why being just as vigilant about your device passcode is somehow a step too far.
 
And we are back to making sure you protect your passcode from prying eyes.

There’s nothing intrinsically insecure about entering device passcodes in public, unless you don’t take measures to ensure no one can see what it is. Our banks let us spend huge quantities of money with just a 4 digit PIN that you enter frequently in a public place.

American banks let people spend huge quantities of money by just signing a bit of paper, with the signature usually in plain view on the back of the card!

I’m not sure why being just as vigilant about your device passcode is somehow a step too far.

A lot of places nowadays have HD security cameras. You never know if there is a camera somewhere being controlled by someone in this growing ring of thefts. Even if you have a longer passcode, it can all be captured by a camera.

Or what if you have a family member that knows your phone's passcode for legitimate purposes, but you don't want them to have access to all your passwords/passkeys.
 
A lot of places nowadays have HD security cameras. You never know if there is a camera somewhere being controlled by someone in this growing ring of thefts. Even if you have a longer passcode, it can all be captured by a camera.

Or what if you have a family member that knows your phone's passcode for legitimate purposes, but you don't want them to have access to all your passwords/passkeys.
That’s a compromise you need to be prepared to make.

It sounds to me like you should never unlock your device in public with your passcode in case someone is watching or has a camera pointed at you.
 
That’s a compromise you need to be prepared to make.

It sounds to me like you should never unlock your device in public with your passcode in case someone is watching or has a camera pointed at you.

Apple should also add optional security protections for the keychain. Just like they recently added optional YubiKey protection.
 
I had the same issue when I created the passkey on my Mac. I deleted that passkey (both in the keychain and in my google account) and started over with a passkey created on my iPhone. That new passkey works on my Mac, iPad, and iPhone.
This was the issue, deleted the macOS created passkey, created one on the iPad and now it works as expected. Thanks!
 
And we are back to making sure you protect your passcode from prying eyes.

There’s nothing intrinsically insecure about entering device passcodes in public, unless you don’t take measures to ensure no one can see what it is.
Sure, but that's not realistic. Permanent loss of access to the iCloud account and to all passwords is too big a consequence.

Our banks let us spend huge quantities of money with just a 4 digit PIN that you enter frequently in a public place.
But the places where we enter that PIN are more controlled. And the consequences of losing your card and PIN are much less severe due to fraud protection. And much riskier for the thief.
 
There is simply an issue with keeping all of your important data and access to accounts on a mobile device. You could get robbed at gunpoint and asked to unlock your device and hand it over. I bet that's already happening, anything that can be done fast within seconds. If you never installed that mobile banking app or never added that crucial password into the keychain, then there isn't anything that needs protecting.

Who actually needs to carry all of their passwords around with them every single day of the year or check their banking on the go regularly? Is it not enough to access the most crucial services only from the computer at home?

That in no way excuses Apple's lackluster security implementations that expose their users to these risks, but as someone who has been robbed at knife point and lost literally everything I had on me at that time, the weeks of reissuing documents and so on.... that was still nothing compared to what I'd have gone through if they had forced me to unlock the phone. There is a big difference between the annoyance of having to block some credit cards and actually getting your accounts emptied out via Apple Pay and other services broken into.
 
There is simply an issue with keeping all of your important data and access to accounts on a mobile device. You could get robbed at gunpoint and asked to unlock your device and hand it over. I bet that's already happening, anything that can be done fast within seconds. If you never installed that mobile banking app or never added that crucial password into the keychain, then there isn't anything that needs protecting.

Who actually needs to carry all of their passwords around with them every single day of the year or check their banking on the go regularly? Is it not enough to access the most crucial services only from the computer at home?

That in no way excuses Apple's lackluster security implementations that expose their users to these risks, but as someone who has been robbed at knife point and lost literally everything I had on me at that time, the weeks of reissuing documents and so on.... that was still nothing compared to what I'd have gone through if they had forced me to unlock the phone. There is a big difference between the annoyance of having to block some credit cards and actually getting your accounts emptied out via Apple Pay and other services broken into.

With most financial apps, if the biometrics fail, the fallback is the financial account password. Not the device passcode. Silly that Apple's keychain, the database of all passwords and passkeys, uses the passcode as its biometric fallback.
 
With most financial apps, if the biometrics fail, the fallback is the financial account password. Not the device passcode.
That is true, though one of my financial apps actually allows me to store that password in the keychain and I do for convenience (not on a device that leaves the house) - and people often store things in the keychain manually, you can just create entries like safely locked away notes. And I know of people who use their birth year as a 4 digit code everywhere they can, so you can imagine how safely they protect their bank accounts and whatnot.
 
What I'm suggesting as a possible solution is that internally in the OS, if a request is made to access any saved passwords or passkeys in the keychain, it will first try the user's biometrics. If biometrics fail, ask for the passcode so the OS can internally unlock the Keychain, but then require the user to enter the Apple ID password (and compare it to what's saved in the keychain) to be able to see or use any saved passwords or passkeys. This additional keychain protection can be optionally turned on by the user.
An optional PIN code or password would be ideal to access the keychain. More hassle, but well worth the security.

Anybody who gains access to your passcode gets the master key into your life. All your passwords are available with that one code. That’s extremely scary. That code also allows changing the password and activating a recovery key that can permanently lock you out of Apple forever. So there is way too much access with the passcode.
 
With most financial apps, if the biometrics fail, the fallback is the financial account password. Not the device passcode. Silly that Apple's keychain, the database of all passwords and passkeys, uses the passcode as its biometric fallback.
Biometric fallback to passcode is really dumb. But at the end of the day, if the thief has your passcode, he can add his mug to Face ID/Touch ID and access your keychain without a password.

A separate PIN lock for the keychain is ideal. Make it optional for those who don’t want to use it.

Even if you get robbed at gunpoint and are forced to hand over your passcode, the perpetrator would most likely run off with the passcode and phone. At least you know the keychain is secure. That gives you enough time to remote wipe the phone or change the password on the Apple ID.

I use Screen Time to disallow account changes, passcode changes, and cellular changes. Screen Time is locked with a PIN. If said phone is gone, I can disable and delete the phone remotely since the thief can’t turn off Find My iPhone.
 
So with Passkeys, you always need to have access to your verified phone/device to scan the QR code and log in.
What do you do when you don't have access to that device like on travel or it's broken?
You can fall back on the good old-fashioned password.
 
Biometric fallback to passcode is really dumb. But at the end of the day, if the thief has your passcode, he can add his mug to Face ID/Touch ID and access your keychain without a password.

A separate PIN lock for the keychain is ideal. Make it optional for those who don’t want to use it.

Even if you get robbed at gunpoint and are forced to hand over your passcode, the perpetrator would most likely run off with the passcode and phone. At least you know the keychain is secure. That gives you enough time to remote wipe the phone or change the password on the Apple ID.

I use Screen Time to disallow account changes, passcode changes, and cellular changes. Screen Time is locked with a PIN. If said phone is gone, I can disable and delete the phone remotely since the thief can’t turn off Find My iPhone.

Screen Time has the same flaw. You can go through the forgot Screen Time passcode option under 'Change Screen Time Passcode' and reset it with just the phone's passcode. The thief can then still change the Apple ID password, reset the recovery key, turn off Find My iPhone, and permanently lock you out of your iCloud account.
 
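As an added example (not Apple's code and not posted by anyone in the thread), the following is a small reachability model of the credential chain the posts above describe: what the device passcode alone can transitively obtain today, under the optional Apple ID password gate proposed earlier, and under a stricter variant that also gates biometric enrolment, which is the bypass raised in the thread. The rule set is a constructed model of the posts' claims, not a verified map of iOS behaviour.

```python
"""Reachability model of the credential chain described in the thread.

Constructed example, not Apple's code: a rule means "holding every credential in
the premise set yields the conclusion". Rules encode the posts' claims, not a
verified map of iOS behaviour.
"""

def rule(conclusion, *premises):
    """A Horn clause: all `premises` held -> `conclusion` obtainable."""
    return (frozenset(premises), conclusion)

def closure(rules, held):
    """Everything transitively obtainable from the credentials in `held`."""
    known = set(held)
    changed = True
    while changed:  # iterate to a fixed point
        changed = False
        for premises, conclusion in rules:
            if conclusion not in known and premises <= known:
                known.add(conclusion)
                changed = True
    return known

# Current behaviour as the thread describes it.
CURRENT = [
    rule("biometric", "passcode"),             # thief enrols own face/finger
    rule("keychain", "biometric"),
    rule("keychain", "passcode"),              # passcode is the biometric fallback
    rule("screen_time_settings", "passcode"),  # "forgot Screen Time passcode" reset
    rule("apple_id_password_change", "passcode", "screen_time_settings"),
    rule("find_my_disabled", "passcode", "screen_time_settings"),
    rule("recovery_key_reset", "apple_id_password_change"),
    rule("saved_passwords", "keychain"),
]

# Thread proposal: after a biometric failure the keychain needs the Apple ID
# password too. Version A leaves biometric enrolment untouched.
PROPOSAL_A = [r for r in CURRENT if r != rule("keychain", "passcode")] + [
    rule("keychain", "passcode", "apple_id_password"),
]

# Version B also gates enrolling a new face/finger, closing the bypass the
# thread points out (enrol yourself, then unlock the keychain biometrically).
PROPOSAL_B = [r for r in PROPOSAL_A if r != rule("biometric", "passcode")] + [
    rule("biometric", "passcode", "apple_id_password"),
]

def passcode_reaches(rules, target):
    """True if the device passcode alone transitively yields `target`."""
    return target in closure(rules, {"passcode"})
```

Running `passcode_reaches` over the three rule sets shows that version A still exposes `saved_passwords` through biometric enrolment, version B does not, and neither version touches the Screen Time reset path to `recovery_key_reset`.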