Skip to main content

Safari is about to have a huge security advantage over Google Chrome

If you use an iPhone or an iPad, you’ve been able to launch your favorite banking app and authenticate using your biometrics in lieu of a password since Touch ID’s debut, and now Apple is looking to expand password-less logins to websites. At the Worldwide Developers Conference, Apple informed developers that Safari 14 will bring Face ID and Touch ID to websites that support Fast Identity Online (FIDO) logins on iOS, iPad OS, and macOS.

Recommended Videos

The feature, based on Web Authentication and implemented by Apple as Platform Authenticator, is expected to arrive by the end of the year and will debut with iOS 14 and macOS Big Sur, the Mac-maker stated.

Apple revealed the new FIDO-based login in the release notes for Safari 14 beta. The company stated that it had “added a Web Authentication platform authenticator using Face ID or Touch ID, depending on which capability is present.” Essentially, Apple combines your Face ID or Touch ID with credentials that are stored on the device’s secure enclave.

This leads to multifactor authentication in just a single step, Apple WebKit engineer Jiewen Tan said.

mbile trends FaceID
Elijah Nouvelage/Getty Images

Biometric login on Safari websites will work in a similar way to how Sign in with Apple works. When you visit a compatible site that supports FIDO authentication, you’ll need to initially log in by entering your username and password for the initial visit. On subsequent visits, you’ll be greeted with a pop-up asking if you want to use your fingerprint or face to log in. The feature is built using the FIDO 2 standard, as Apple had joined the alliance earlier this year.

Unlike saved iCloud keychain passwords under the current version of iOS, for example, that auto-fills your username and password saved on iCloud, password-less FIDO logins will allow users to directly log onto the website using biometric authentication without the username and password being entered into the respective fields on the web page. The new system will make accounts more secure, as it won’t be tied to your username or password. And while websites that present high-security content may ask you to re-sign in with your physical username and password every so often, FIDO’s biometric logins don’t come with the same restrictions.

“But more importantly, it is Phishing-resistant,” Apple told developers during a WWDC 2020 engineering session, according to a MacRumors report. “Safari will only allow public credentials created by this API to be used within the web site they were created, and the credential can never be exported out from the authenticator they were created in as well. This means that once a public credential has been provisioned, there is no way for a user to accidentally divulge it to another party. Cool right?! This is the overview of the Web Authentication standard.”

Chuong Nguyen
Silicon Valley-based technology reporter and Giants baseball fan who splits his time between Northern California and Southern…
Here’s how Google Chrome is about to get more secure
Google Chrome Stock Photo

Google announced new privacy and security updates to Google Chrome in a blog on Tuesday, with the tech giant promising that it will be more “intuitive.” 

These updates include making it easier to manage cookies and website permissions, a new tool that tells you if any of your saved passwords have been compromised, a safe browsing tool, and a customizable secure domain name system (DNS). 

Read more
Apple considered bringing the notch to the Mac, and it could still happen
iMac Face ID notch

The iconic notch that debuted on Apple's iPhone X may be making its way to the company's computers, including the MacBook series of laptops and the iMac desktop, in the future. Apple's patent filing with the United States Patent and Trademark Office from September 2019, discovered by Patently Apple, revealed a computer design with a "biometric authentication module" built into a notched portion on the computer's display.

Apple depicted how the biometric system would look on a laptop and all-in-one desktop design,  showing a notch not unlike the design found on the company's smartphone lineup.

Read more
Your iPhone can now act as a physical Google security key
Google account security

A year after introducing it for Android phones, Google has today announced that iPhones can now function as physical two-factor security keys for logging into the company’s own services like Gmail in Chrome. This authentication method is a lot more secure than the two-factor prompt you’re likely used to, as it requires your iPhone to be physically in the computer’s proximity.

Two-factor authentication adds an extra layer of security to your accounts. However, SMS and internet-based two-factor processes have been in the past failed to prove as secure as one would hope for. Google’s solution for that takes advantage of your phone’s Bluetooth to turn it into a dedicated security key and ensures you’re physically authenticating the login.

Read more