PayPal prepares the burial of passwords with Apple

PayPal adopts passwords, access keys (or codes) which must replace passwords. The online payment giant starts with Apple, before expanding its effort to Microsoft (Windows) and Google (Android)

Passwords aren’t dead yet, but the grave is already dug. We already know the name of the device that will succeed them: the “passkeys” (keys or access codes in French). And we now know one of the first services to switch to this new system: it is PayPal. On October 24, 2022, the online payments giant announced that it was starting to support access keys.

Gradual deployment at PayPal

In fact, PayPal is even one of the very first to position itself on security keys, because it is still a very young device. The company’s announcement coincides with the arrival of security keys in Apple’s software ecosystem: these access keys have been available since October 24, with the deployment of the Safari browser in version 16.1 and the arrival of macOS Ventura.

No need to rush to your PayPal account, however, even if you have Apple products. The launcher starts in the United States. For other countries, the company is counting on a calendar from 2023. It will also be on this date that support for master keys will be extended to other technological platforms – in this case, Android and Windows.

An example of a connection interface with passkeys, on Ventura. // Source: Apple

The strategy with passwords is to provide a universal and interoperable password replacement solution. To do this, Apple, Google and Microsoft have formed an alliance this spring and each is working to insert these codes into its environment. Apple talked about it at a conference in early June and Google is starting to adapt Android and Chrome.

To go longer

Passwords are exchanged between friends.  // Source: Facebook

What exactly are mats?

The movement for passkeys goes beyond the Big 3 tech: passkeys are an industry standard created by the Fido Alliance and the W3C consortium that replaces passwords with cryptographic key pairs. PayPal is a member of the Fido Alliance, like countries, and other technology groups (Amazon, Intel, Facebook, Netflix, Twitter, Sony, Samsung, etc.).

The arrival of passwords does not in any way mean the end of passwords at PayPal. The platform just adds an additional connection solution, which aims to be easier to use and more secure, because these codes have the merit of erasing common weaknesses in passwords. Internet users are free to adopt it or not.

The system proposed by Apple involves unique access codes, which remain on the device. They are never stored on a web server. They can circulate between different devices belonging to the same individual (iPhone, iPad, Mac, etc.), via end-to-end encryption and the iCloud keychain.

This mechanism protects them from a data leak caused by an intrusion on a computer server, but also from phishing attempts to steal connection information (username / password): they cannot not be reused. Another advantage: it is not necessary to memorize them, because it is biometrics (Face ID or Touch ID) that will be used.

To go longer

Source: Photo Numerama

Leave a Comment