Avatar
MacRumors 2y ago

Amazon Adds Support for Passkeys, Allowing for More Secure Logins

Amazon today announced that it has added passkey support to its desktop sites and mobile apps, allowing customers to sign in to their accounts without the need for a password.

Passkeys are a more secure alternative to passwords because a passkey cannot be shared with another person through a phishing attempt or leaked online through a database hack. Passkeys do not require customers to remember a password or add a two-factor authentication code, but they do require a verified device.

iPhone, iPad, or Mac, logging in to an Amazon account can be done with a Face ID or Touch ID scan once the feature is turned on. To enable it, go to Your Account > Login and Security, and choose the Set up option next to Passkeys.

implemented support for passkeys with iOS 16 and macOS Ventura. Passkeys work through a public key that's stored on a website server and paired with a private key that's kept on a specific device. On Apple's devices, passkeys are authenticated with ‌Face ID‌ or ‌Touch ID‌, and two keys must match to allow for a user to log in.

iCloud Keychain, which in turn requires two-factor authentication for further protection. Passkeys sync across all of a user's ‌iPhone‌, ‌iPad‌, and Mac devices, but they can also be used on non-Apple devices through a QR code system.

Tags: Amazon, Passkeys

This article, "Amazon Adds Support for Passkeys, Allowing for More Secure Logins" first appeared on MacRumors.com

Discuss this article in our forums

https://www.macrumors.com/2023/10/23/amazon-adds-support-for-passkeys/

Reply to this note

Please Login to reply.

Discussion

fd
nobody 2y ago

Do you have positive or negative views towards passkeys nostr:npub1r0rs5q2gk0e3dk3nlc7gnu378ec6cnlenqp8a3cjhyzu6f8k5sgs4sq9ac ?

Avatar
HoloKat 2y ago

Good question. I think it’s a double edged sword perhaps. On one hand you’ll have fewer account breaches due to stolen passwords. On the other hand it may be easier to force people to unlock their accounts. If a judge orders you to log into your account, you have plausible deniability in saying you forgot your password. But with biometrics they’ll just force you to put your finger on there or look at the phone and done.

72
nobody 2y ago

In the United States you cannot be compelled to reveal your password by a judge, because it is protected under the 5th Amendment.

Passkeys, and any form or biometric login bypasses this protection completely. I strongly advise anyone hiding information from the US government to reconsider using biometrics or passkeys.

Avatar
HoloKat 2y ago

Even if you have nothing to hide, consider what it means for your rights.

72
nobody 2y ago

Yes. Security considerations should always begin with the question, “secure from whom.”

Passkeys are great for businesses to stop phishing and dumb employees. A journalist in a hostile nation would be an idiot to use it.

Avatar
PaddleManJoe 2y ago

Graphene OS is a couple button presses away from "lockdown," it will require a code to get back in. There is also a setting that you can use that will put it into lockdown mode after sitting idle for too long. So Grapheme OS does offer some mitigations for biometric vulnerability.

72
nobody 2y ago

Both stock Android and iOS do this as well. It is good to spread awareness. On iOS it is five taps of the lock button. I believe it’s similar on Android.

fd
nobody 2y ago

That's a good point, also matters who's in control of your passcodes.

Avatar
NoStranger 2y ago

You can use your foot for the fingerprint.