Apple browser Safari 14 will be released along with iOS 14 and macOS Big Sur, allowing users to sign in to websites that support the new feature via Face ID or Touch ID,media reported. Safari 14 has been confirmed in the beta release of the browser, and Apple has detailed how the feature works for developers in wwDC’s video.
Built on the FIDO2 standard WebAuthn component, developed by the FIDO Alliance, this feature makes it as easy to log on to a website as easy as logging into an application protected by Touch ID or Face ID.
WebAuthn is an API designed to make network logins easier and more secure. A typical login password is easy to guess and vulnerable to phishing attacks. Unlike regular passwords, WebAuthn uses public key encryption while using security methods such as biometrics or hardware security keys to verify the user’s identity. This is a standard that requires the support of a personal website, and this support for safari 14, the regular iOS browser, may greatly facilitate its adoption.
This feature update is not the first time Apple has supported the FIDO2 standard. Last year’s iOS 13.3 supported a number of FIDO2-compliant physical security keys on Safari, a feature Google began using on its iOS accounte earlier this month. These security keys provide more protection for the user’s account because an attacker would need physical access to the user’s key to access their account. Safari on macOS also supports security keys in 2019. However, the new Safari 14 will be more seamless, relying primarily on biometric security information built into Apple devices and does not require the use of separate hardware as a security key.
The new features of the iOS system are similar to those of the previous Android system. Google’s mobile operating system was FIDO2 certified last year, after which it announced that users could sign in to some of its services without a password.
In the past, Apple devices have been able to use touch and Face IDs while logging in online, but before the update was released, the feature relied on the use of biometric security technology to automatically fill in previously stored passwords on a website. Once set up, WebAuthn can be used to bypass the password filling process, which means it is not vulnerable to similar attacks that can lead to password insecurity.
Earlier this year, Apple joined the FIDO Alliance as part of a growing team supporting FIDO2 standards. Like Google, Microsoft announced plans for Windows 10 password-free last year and will begin allowing users to log on to their accounts on Edge browsers in 2018 using security keys and biometric Windows Hello security features.