Skip to main content

Safari is about to have a huge security advantage over Google Chrome

If you use an iPhone or an iPad, you’ve been able to launch your favorite banking app and authenticate using your biometrics in lieu of a password since Touch ID’s debut, and now Apple is looking to expand password-less logins to websites. At the Worldwide Developers Conference, Apple informed developers that Safari 14 will bring Face ID and Touch ID to websites that support Fast Identity Online (FIDO) logins on iOS, iPad OS, and macOS.

The feature, based on Web Authentication and implemented by Apple as Platform Authenticator, is expected to arrive by the end of the year and will debut with iOS 14 and macOS Big Sur, the Mac-maker stated.

Prime Day Focus
These Razer Blade Prime Day deals really pack a punch [in gaming power]
Anker SOLIX Prime Day deals: This shopping guide highlights the best discounts
Send it! This HoverAir X1 Drone can capture your adventures and it's $120 off
Secretlab Prime Day deals: Build your ideal work-from-home or gaming station

Apple revealed the new FIDO-based login in the release notes for Safari 14 beta. The company stated that it had “added a Web Authentication platform authenticator using Face ID or Touch ID, depending on which capability is present.” Essentially, Apple combines your Face ID or Touch ID with credentials that are stored on the device’s secure enclave.

This leads to multifactor authentication in just a single step, Apple WebKit engineer Jiewen Tan said.

mbile trends FaceID
Elijah Nouvelage/Getty Images

Biometric login on Safari websites will work in a similar way to how Sign in with Apple works. When you visit a compatible site that supports FIDO authentication, you’ll need to initially log in by entering your username and password for the initial visit. On subsequent visits, you’ll be greeted with a pop-up asking if you want to use your fingerprint or face to log in. The feature is built using the FIDO 2 standard, as Apple had joined the alliance earlier this year.

Unlike saved iCloud keychain passwords under the current version of iOS, for example, that auto-fills your username and password saved on iCloud, password-less FIDO logins will allow users to directly log onto the website using biometric authentication without the username and password being entered into the respective fields on the web page. The new system will make accounts more secure, as it won’t be tied to your username or password. And while websites that present high-security content may ask you to re-sign in with your physical username and password every so often, FIDO’s biometric logins don’t come with the same restrictions.

“But more importantly, it is Phishing-resistant,” Apple told developers during a WWDC 2020 engineering session, according to a MacRumors report. “Safari will only allow public credentials created by this API to be used within the web site they were created, and the credential can never be exported out from the authenticator they were created in as well. This means that once a public credential has been provisioned, there is no way for a user to accidentally divulge it to another party. Cool right?! This is the overview of the Web Authentication standard.”

Chuong Nguyen
Silicon Valley-based technology reporter and Giants baseball fan who splits his time between Northern California and Southern…
Google lead says he’s ‘disappointed’ with Apple’s new iPhone security program
iPhone 11 Pro feature image

Apple’s new hacker-friendly iPhones offer security researchers unrestricted access to devices so that they can easily hunt down vulnerabilities and bugs. But Ben Hawkes, technical lead at Project Zero, a team at Google tasked with discovering security flaws, says he’s “pretty disappointed” with Apple’s latest security program.

Hawkes, in a Twitter thread, said that its team won’t be able to take advantage of Apple’s “Security Research Device” (SRD) iPhones since it appears to exclude security groups that have a policy to publish their findings in three months.

Read more
Here’s how Google Chrome is about to get more secure
Google Chrome Stock Photo

Google announced new privacy and security updates to Google Chrome in a blog on Tuesday, with the tech giant promising that it will be more “intuitive.” 

These updates include making it easier to manage cookies and website permissions, a new tool that tells you if any of your saved passwords have been compromised, a safe browsing tool, and a customizable secure domain name system (DNS). 

Read more
Apple considered bringing the notch to the Mac, and it could still happen
iMac Face ID notch

The iconic notch that debuted on Apple's iPhone X may be making its way to the company's computers, including the MacBook series of laptops and the iMac desktop, in the future. Apple's patent filing with the United States Patent and Trademark Office from September 2019, discovered by Patently Apple, revealed a computer design with a "biometric authentication module" built into a notched portion on the computer's display.

Apple depicted how the biometric system would look on a laptop and all-in-one desktop design,  showing a notch not unlike the design found on the company's smartphone lineup.

Read more