Apple’s WWDC 21 had a great set of new announcements around security. The most exciting one for us Identity and Access Management (IAM) geeks is the update on Apple’s commitment towards moving beyond passwords.
In this post, I wanted to share some thoughts on this great announcement and what it means for enterprise identity and authentication.
The updates presented by Garrett Davidson from Apple build on Apple’s previous support for the FIDO2 and WebAuthn open standards in the Safari browser on both iOS and OS X (now macOS). Previously, Apple provided support for passwordless authentication in the Safari browser by adding a FIDO2 authenticator to the underlying operating system. This was a step in the right direction and followed Google’s Android passwordless implementation, which has been available for nearly three years.
Apple’s approach to passwordless is not particularly unique, since it adheres to the FIDO standard; however, their implementation and their approach to the credential recovery problem are unique and relevant to enterprises. One refreshing aspect of their messaging and stance on authentication is their dedication to eliminating shared secrets.
Statements such as “Each time that a secret is shared, there is risk,” and “Servers are less valuable targets for hackers because there are no shared secrets to steal” are encouraging to hear and reflect what we’ve been saying at HYPR for years. We put it this way: moving away from shared secrets takes an enterprise from an infrastructure that’s expensive to defend and easy to attack to one that’s expensive to attack and easy to defend.
Overall, the developments from Apple are highly encouraging and have an eye on the future of a passwordless world. Many of their approaches are consumer-centric, which is understandable, but for those of us who want to leverage these powerful tools on the enterprise side, there are major security aspects to consider. It will be interesting to see how the MDM technologies in the market address and enforce the Passkeys replication capabilities within Apple’s products. It will be exciting to see future developments from Apple on this topic, and we look forward to providing these additional capabilities to HYPR customers soon!