Cloud Hosting

Weve seen some baby steps towards using our iPhone for proving our identity. But a couple of recent developments point to a future in which an iPhone plus biometrics could let us use our phone as a single means of verifying our identity, both online and in face-to-face interactions.

In all, Apple provides support for four initiatives which I think provide a clear pointer to a future in which the iPhone will be our one-stop device for ID

Apple currently offers support for four separate initiatives:

Each of these form some early stepping stones to what will eventually be a world in which our iPhone will be the primary way in which we prove our identity, both online and offline.

Back in June of last year, Apple announced its plans to allow state ID documents like driving licences in the Wallet app.

To be fully free of your physical wallet, theres one more thing we need to bring to iPhone. And thats your ID. So were bringing identity cards to Apple Wallet. This fall, youll just scan your drivers license or state ID in participating US states. Its that easy. Your ID information is now in Wallet. Encrypted and stored in the Secure Element, the same hardware element technology that makes Apple Pay private and secure.

The company said that the Transportation Security Administration (TSA) would be climbing aboard, allowing iPhone owners to present digital versions of their driving licences as proof of ID for airline travel.

The TSA is working to enable airport security checkpoints as the first place you can use your digital ID.

That didnt happen in the fall of 2021 as scheduled, and when it did finally happen, it was just dipping a toe in the water. As the mDL (mobile driving licence) tracker shows, the system hasnt yet been officially implemented anywhere in the US as yet, and there are just a handful of trials at a tiny number of airports.

The wheels of government grind exceedingly slowly, so the point at which we can flash our iPhone at a TSA checkpoint or traffic cop are some way off yet, but some 30 states have announced that they are at least exploring the idea.

Partnering with Blackboard lets college students store their ID card in the Wallet app, which can then be used for everything from entering campus facilities to paying their laundry bills.

Students who load their IDs into Apple Wallet on iPhone/Apple Watch will be able to have secure access to campus facilities, residence halls, and more in addition to using the digital card for payments at vending machines, dining halls, laundry, and even off-campus retail locations that accept student IDs as payment.

Back in 2020, Apple joined the Fido Alliance, a tech working group dedicated to eliminating passwords. Weve previously explained how FiDO (Fast IDentity Online) works.

Currently, to log in to a website or app, we usually enter a username and a password. What FIDO does is instead allow our device to authenticate us. The logic is this (using an iPhone with Face ID as an example):

At no point is there a password involved: Authentication is performed on your device, not on the website server. The web server trusts your iPhone to authenticate you in exactly the same way that payment terminals trust your phone for Apple Pay transactions.

Apple branded its implementation of FiDO as Passkeys in the Cloud. After a halfway house in iOS 15, the iPhone maker has fully implemented this in iOS 16 and macOS 13.

Of course, it also requires online services to support the login method, and this will again take time.

iOS 16 allows allows us to bypass Captchas in apps and on the web.

A new feature called Private Access Tokens will use a combination of details about your device and your Apple ID to inform a website that you are a legitimate user rather than a robot. In turn, this allows you to completely bypass the CAPTCHA step.

This might seem like an odd thing to mention in this context, as it doesnt actually verify our identity, but it operates on the same principle it carries out a form of user validation, and the authentication needed for this happening entirely on our device.

Again, this requires apps and websites to sign-up, so rollout will take some time, but its an easy way to improve the user experience while reducing friction (points at which people might give up), so Id again expect adoption to be reasonably brisk.

Long-term, Id expect the principles involved here to become the standard way we prove our identity, both online and offline. This is because its safer for all involved individuals, companies, and governments.

Its safer for us both online and offline.

Online data breaches are ridiculously common. Companies keep making ridiculous mistakes like storing customer databases on cloud servers without any protection, or messing up permissions to anyone with access to their network can download customer records. With FiDO, there is no database to hack

Offline, only the necessary personal data is revealed, and that is done in encrypted form. When you show your mobile driving license at a TSA checkpoint, they only receive the actual data they need, not all the data stored on/in your license. Its very much equivalent to Apple Pay, where the payment terminal doesnt get all of the information on your credit card, and relies on your iPhone confirming that it has verified your identity with Face ID or Touch ID.

One of the biggest headaches for businesses is keeping customer data safe from hackers. The financial and reputational cost of a security breach can be extremely costly. With FiDO, no user credentials are stored on the server as the authentication happens entirely on our devices. (Of course, they still have to keep other customer data safe, but removing the need for login credentials is a big win.)

Paper documents can be convincingly forged, despite watermarks and the like, which is why really important ones like passports also rely on electronic security in the form of an embedded RFID chip. Moving all identity documents to electronic versions, with biometric protection, is a huge step forward in security.

I mentioned above that companies will still have to store some customer data, like addresses. But what if they didnt have to? What if you place an online order, and your iPhone or Mac sends an encrypted code which can only be decoded by courier companies?

What if your doctor didnt phone you with test results, but instead sent you a link to a file which can only be read by a device which uses biometric authentication to prove your identity?

What if you didnt have to show your credit card or ID when collecting concert tickets, but your iPhone verified your identity without revealing any of your data?

It doesnt take much imagination to see the massive potential for on-device authentication to be used in any situation in which we need to prove our identity, whether online or offline.

To me, on-device authentication is the future of ID checks, even eventually passports and visas. Personally, I cant wait. What about you? Please take our poll, and share your thoughts in the comments.

FTC: We use income earning auto affiliate links. More.

Check out 9to5Mac on YouTube for more Apple news:

Original post:
The iPhone will be the future of proving our identity, online and offline - 9to5Mac