Safari will use Face ID and Touch ID for passwordless login in the future
Apple allows users to use Touch ID and Face ID instead of passwords to access sensitive applications (such as those used for banking or password management). In the future, Face ID and Touch ID can also be used for website authentication purposes when users log in to Safari.
Apple outlined this feature at the WWDC20, called “Meet Face ID and Touch ID for the web”, which introduced how web developers can use Face ID and Touch ID on their websites through the Web Authentication API.
When performing initial login on a website that supports this feature, you need to provide user name, password, and double authentications. But after that, Face ID or Touch ID can handle the login process. Signing in this way will require the user to click the “Login” button, and then Safari will ask you to confirm. After confirmation, the Face ID or Touch ID scan will be completed, and then the user can log in.
Apple said that Face ID and Touch ID authentication is beneficial because it is simple and secure. But more importantly, it has anti-phishing capabilities. Safari only allows public certificates created by this API to be used on websites created by this API, and the certificate can never be exported from the authenticator it created. This means that once a public certificate is provided, the user cannot accidentally disclose it to another party.
In the past, Apple devices have been able to use Touch ID and Face ID during online login, but before this update was released, this feature relied on using biometric security technology to automatically fill in previously stored passwords on the website.