Apple’s Face ID and Touch ID have made it easier for users to log into their mobile devices like iPhones and iPads and on some Macs offering the Touch ID button. Now Apple is bringing Face ID and Touch ID to the web. At the company’s virtual Worldwide Developers Conference this week, Apple introduced a way for web developers to add support for Face ID and Touch ID to their websites, allowing Safari users to log in without having to enter their username and password.
In a WWDC session aimed at web developers, the company showed off the new functionality, which Apple touted would provide a “frictionless experience” for users.
Similar to how Face ID and Touch ID work today in iOS apps, web developers who choose to implement the new technology could prompt their users to choose a biometric authentication method the next time they visit their website.
The technology was built via the Web Authentication (WebAuthn) API, which allows developers to build authentication via the FIDO2 specification developed by the FIDO Alliance. It will be made available starting with Safari 14 for macOS and iOS, the organization said.
As CNET explains, Apple isn’t the first to use the browser technology — it’s already available in Firefox, Chrome and Microsoft Edge, for example.
Apple’s adoption, however, could push forward the larger biometrics movement. This is due, in part, to Apple’s way of making complicated technology consumer-friendly and taking on the work of user education. Apple also has a sizable community of developers who get excited to roll out Apple’s latest technology.
The new system will be, by default, multifactor in nature.
Apple’s platform authenticator uses the secure enclave of the iPhone or iPad to provide the private keys, and guarantees they can’t leave the device. It also verifies the user by either their fingerprint or facial recognition. That makes it multifactor, as it combines something you have — the iPhone — with something you are — your biometrics information.
A report by Biometric Update also noted the WWDC session revealed Apple built its own attestation service, which is an optional service for those with higher security needs — like a bank. Because this technology can sometimes be used to violate privacy, Apple built its own version where it generates a unique attestation certificate for each credential. This prevents websites from tracking users across the web. This service isn’t immediately available, but will be soon.
Apple joined the FiDO Alliance earlier this year, signaling its intention to work toward a way to replace passwords with trusted devices and biometrics. It has also patented a way to use Face ID on a Mac, but this hasn’t launched.