PayPal ditches passwords, at least on Apple devices
No more reusing, recycling passwords
PayPal has added passkeys for passwordless login to accounts across Apple devices.
The PayPal passkey login option will initially be available to iPhones, iPads and Macs running iOS 16, iPadOS 16.1 or macOS Ventura. It will expand to additional platforms as other vendors add passkey support. Apple, Microsoft and Google have all pledged to implement the new passwordless authentication standards by early 2023.
Passkeys allows users to login to accounts with cryptographic key pairs instead of passwords. In essence, using the device in combination with user biometric data to prove account ownership, as opposed to a username and password.
The new login method, created by the FIDO Alliance and World Wide Web Consortium, aims to eliminate passwords altogether, replacing them with a more secure authentication method. PayPal is a founding member of the organization.
According to Microsoft, 579 attacks involving passwords occur every second, or about 18 billion a year. Many of them are successful, mainly because people have a tendency to pick poor passwords or reuse them across multiple accounts.
To drive this point home, consider 82 percent of security breaches last year were attributed to stolen credentials, phishing, and human error, according to Verizon's most recent Data Breach Investigations Report. This, according to the report [PDF], illustrates the "importance of proper password protection" — or, perhaps, the need to eliminate passwords altogether.
PayPal SVP Doug Bland said the move "eliminates the risks of weak and reused credentials and removes the frustration of remembering a password.
The passwordless future is one other retailers will be eyeing, if not working to implement swiftly, but it's not about you or your online safety. According to a survey of 16,000 global consumers by biometric authentication firm iProov, 15 percent of global consumers abandon online purchases at least once a week because they forgot their password, and 32 percent ditch the shopping cart at least once a month for this same reason.
- Microsoft, Apple, Google accelerate push to eliminate passwords
- FIDO Alliance says it has finally killed the password
- Apple dev roundup: Weather data meets privacy, and other good stuff
- DHL named most-spoofed brand in phishing
PayPal began rolling out passkeys to US customers this week, and will expand to other countries early next year.
Existing customers can log in to PayPay on an Apple device using their existing credentials, and then select the option to "create a passkey." They will then be prompted to authenticate with Apple Face ID or Touch ID, and the device automatically creates the passkey. Once created, passkeys are synced with iCloud Keychain.
Additionally, customers using devices that don't support passkeys yet can still use an iPhone to log in with a PayPal passkey by scanning the QR code that appears after they enter their PayPal user ID. ®