Apple’s browser Safari 14 will arrive with iOS 14 and macOS Big Sur. Users can log in to websites that support this new feature through Face ID or Touch ID. Safari 14 has been confirmed in the beta version of the browser. In addition, Apple also details the working principle of this feature for developers in the WWDC video. This feature is built on the WebAuthn component based on the FIDO2 standard and developed by the FIDO Alliance. It can make logging into a website as easy as logging into an app by Touch ID or Face ID.
WebAuthn is an API that hopes to make web login easier and more secure. General login passwords are easy to guess and vulnerable to phishing attacks. Unlike conventional passwords, WebAuthn uses public-key encryption technology. It also uses biometrics or hardware security keys to verify the identity of users. However, personal websites need to support this standard. The support of this feature in Safari 14 may greatly promote the adoption of this standard.
This feature update is not part of Apple’s first support of the FIDO2 standard. Last year’s iOS 13.3 supported some physical security keys that conformed to the FIDO2 standard on the Safari browser. These security keys provide more protection for the user’s account. This is important because an attacker needs physical access to the user’s key to access their account. In 2019, Safari on macOS also supports security keys. However, the new Safari 14 function will be more seamless. It mainly relies on the biometric security information built into Apple devices and does not require the use of separate hardware in the form of a security key.
Similar to what the Android system offers
The new features of the iOS system are similar to the previous Android system. Google’s mobile operating system received FIDO2 certification last year, after which Google announced that users can log in to some of its services through the Chrome browser on Android without a password.
In the past, Apple devices have been able to use Touch ID and Face ID during online login. However, before the update, this feature relied on using biometric security technology to automatically fill in previously-stored passwords on the website. Once set up, WebAuthn can be used to bypass the password filling process, which means it is not susceptible to similar attacks that can lead to insecure passwords.
Earlier this year, Apple joined the FIDO alliance and became a member of the growing team that supports the FIDO2 standard. Like Google, Microsoft also announced a password-free plan for Windows 10 last year, and in 2018 began allowing users to log in to their accounts on the Edge browser using security keys and the biometric Windows Hello security feature.