Passkeys: Locked in Apple's iCloud keychain?

09 May 2023

Passkeys are seen as a secure alternative to passwords. However, one critic complains about their dependency on the cloud on Apple devices. A remedy is apparently in sight.

Why are Passkeys, as a password alternative on Apple devices, tied to iCloud? This question is currently the subject of a heated debate on the internet. An Apple developer has joined the debate and announced that Apple does intend to open up its current Passkey management further. He promised functions to import and export keys.

Passkeys have come back into focus because Google now supports the password alternative. The tech giant has introduced the new access method in its services. Passkeys are cryptographic elements in which a one-time code is generated on the user's device using a private key. The service that the user wants to log into checks this code using the user's public key. The use of Passkeys can be linked to a PIN input or biometric methods such as facial recognition or fingerprint. This allows users to log in more conveniently, and at the same time the process is significantly more secure than using passwords. Apple announced the introduction at the WWDC developer conference in the summer of 2022.
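The sign-in check described above, as an added Node.js example that is not from the article, Apple or Google: in a WebAuthn-style login the "one-time code" is a signature over a fresh challenge issued by the service. The function names, the `example.com` relying party and the simplified authenticator data are assumptions for illustration.

```javascript
// Added illustration; names and values are assumptions, not Apple's code.
const crypto = require("node:crypto");
const sha256 = (data) => crypto.createHash("sha256").update(data).digest();

// Registration: the key pair is created on the device; the service stores only the public key.
function registerPasskey() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync("ec", { namedCurve: "P-256" });
  return { devicePrivateKey: privateKey, servicePublicKey: publicKey };
}

// Device: sign authenticatorData || SHA-256(clientDataJSON) with the private key.
function signAssertion(devicePrivateKey, rpId, origin, challenge) {
  const clientDataJSON = Buffer.from(JSON.stringify({
    type: "webauthn.get",
    challenge: challenge.toString("base64url"),
    origin,
  }));
  // Simplified authenticator data: rpIdHash (32) | flags 0x05 = user present + verified | counter (4)
  const authenticatorData = Buffer.concat([sha256(rpId), Buffer.from([0x05]), Buffer.alloc(4)]);
  const signed = Buffer.concat([authenticatorData, sha256(clientDataJSON)]);
  return { clientDataJSON, authenticatorData, signature: crypto.sign("sha256", signed, devicePrivateKey) };
}

// Service: check challenge, origin and relying-party hash, then the signature.
function verifyAssertion(servicePublicKey, expected, assertion) {
  const clientData = JSON.parse(assertion.clientDataJSON.toString("utf8"));
  if (clientData.type !== "webauthn.get") return false;
  if (clientData.challenge !== expected.challenge.toString("base64url")) return false; // stale or replayed
  if (clientData.origin !== expected.origin) return false; // signed for another site
  const authData = assertion.authenticatorData;
  if (authData.length < 37 || !authData.subarray(0, 32).equals(sha256(expected.rpId))) return false;
  if ((authData[32] & 0x01) === 0) return false; // user-present flag not set
  const signed = Buffer.concat([authData, sha256(assertion.clientDataJSON)]);
  return crypto.verify("sha256", signed, servicePublicKey, assertion.signature);
}

// Constructed sample run: one login, then the same response replayed against a new challenge.
function demo() {
  const { devicePrivateKey, servicePublicKey } = registerPasskey();
  const expected = { rpId: "example.com", origin: "https://example.com", challenge: crypto.randomBytes(32) };
  const assertion = signAssertion(devicePrivateKey, expected.rpId, expected.origin, expected.challenge);
  const replayTarget = { ...expected, challenge: crypto.randomBytes(32) };
  return {
    freshLogin: verifyAssertion(servicePublicKey, expected, assertion),
    replayed: verifyAssertion(servicePublicKey, replayTarget, assertion),
  };
}
console.log(demo());
```

Because the private key never leaves the device and each response is bound to one challenge and one origin, a captured response cannot be reused later or on another site.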

Criticism of iCloud dependency

However, US developer Jeff Johnson criticized in a blog post that on Apple's operating system, the use of Passkeys is currently linked to iCloud and its Keychain management, and that there is no way to extract the Passkeys from it for local storage. He sees this cloud dependency as an attempt to bind users to the manufacturer's ecosystem. However, this contradicts the idea of Passkeys, which derive from the FIDO2 standard. He also cites occasional cloud failures and sometimes poor synchronization speed as arguments against cloud usage. In addition, cases of iPhone theft have recently surfaced in which thieves were able to take possession of the owner's Apple ID by spying on the device PIN. Consequently, Passkeys would also be potentially at risk.

Johnson's demand to make Passkeys locally storable was picked up by Ricky Mondello, a software developer at Apple and self-proclaimed specialist on the topic. He explained on Mastodon that Apple plans to make Passkeys importable and exportable: "Across devices and across Passkey managers. This is not currently the case, but it will be soon."

Open statement by an Apple developer

It is surprising for an Apple developer to go public, because Apple usually only provides information through its PR department, not through individual employees. Mondello also explained in another toot that he had not said anything new. However, Johnson, like many others following the topic, responded that he had not been aware of this opening up until now. Nevertheless, he is still not satisfied with Mondello's statements, as they still suggest an iCloud dependency: the Passkeys would first have to be transferred to the cloud in order to export them locally. Furthermore, his concern is not about switching password managers but that Apple should generally choose a different approach.

Den W. 3K