The Face ID and Touch ID features on Apple devices will soon be much more useful on the web. As TechCrunch reports, Apple has outlined how Safari 14 for iOS, iPadOS and macOS will allow using those biometric authentication methods for “frictionless” sign-ins on websites. You may not have to enter your username and password after the first time you punch them in.
An initial login on a website that supports the feature will require a username, passcode, and two-factor authentication code to be entered, but after that, Face ID or ?Touch ID? can handle the login process. Signing in this way will require users to click on the sign in button, after which Safari will ask for confirmation. With the confirmation, a Face ID (or ?Touch ID?) scan is done, and the user is able to log in.
Apple says Face ID and ?Touch ID? authentication is beneficial because it’s frictionless, simple, and secure. The online session described it as “phishing resistant.”
But more importantly, it is Phishing-resistant. Safari will only allow public credentials created by this API to be used within the Web site they were created, and the credential can never be exported out from the authenticater they were created in as well. This means that once a public credential has been provisioned, there is no way for a user to accidentally divulge it to another party. Cool right?! This is the overview of the Web Authentication standard.
You’ll have to wait until the releases of the operating systems this fall before you can make use of these face- and finger-based logins. Your patience could pay off, though. As elsewhere, biometric sign-ins encourage the use of more complex passwords that are harder to crack.