Google has started rolling out Passkey support for Google Accounts. Once you set it up, you won’t need passwords for Google services such as fingerprint, facial ID, PIN, and other security features for authentication. This could mean the end of passwords is nearing.
Passkey is essentially designed to replace passwords using the device’s security features.
For this to work, users need to generate a passkey for the device they use or the operating system or app. A private key is stored on the device and a corresponding public key is uploaded to Google.
So, when a user signs in, a unique challenge needs to be solved using the private key to create a signature. This signature is authenticated by using the very public key, which enables users to access the Google account.
Each passkey is unique for each service so it involves no risk of a compromised account threatening other accounts using a passkey.
Passkey for Google Account will prevent phishing attacks
Google says that using passkeys for Google accounts will effectively minimize phishing, SIM swap, and other tricky ways to obtain passwords and evade authentication processes. That is because, with the passkey, the private key and the biometric data are never shared.
The company even says that it will look for accounts that use passwords with a likelihood of a sinister plan.
TRY IT HERE: Go to g.co/passkeys.
How does Google Passkeys work?
Passkeys is based on FIDO standards which allows passwordless sign-in. Passkeys manage users’ login information through public-key encryption where a public and private key are generated. The public key is stored by the website you log into, and the user has the private key. You can store the private key to the device and also sync it to an account to access other devices. The two keys combine to unlock access to websites or apps.
Passkeys are a new way to sign in to apps and websites. They’re both easier to use and more secure than passwords, so users no longer need to rely on the names of pets, birthdays or the infamous “password123.”Google on its rollout of Passkeys
Why would you want Passkeys?
The simple answer is higher security. Given that you may have a strong password combination of letters, numbers, and symbols and two-factor authentication (2FA) but that still is vulnerable to attacks from Phishing and SIM-swaps. Simply put, Passkyes elevates security.
Google only stores your public key and gets no access to your private key. And the Passkeys are unique for the website they’re originally generated for. So, the need for other security measures is ruled out with the Passkey technology.
End of passwords!
Google started the Passkey technology rollout on World Password Day and called it “the beginning of the end” for passwords for Google accounts. However, we are still in the early phase as websites and apps will take time for the adoption of technology.
There are many password managers available in the market. Google’s passkey is meant to end their existence. However, 1Password CEO Jef Shiner has hailed Google’s move. He said it would allow 1.5 billion people to try passkeys. But he insisted that wider adoption will need users to switch between Android and iOS more easily.
“As we actively work with other Fido alliance leaders to eliminate passwords, we’ll inevitably remove one of the phishers’ biggest rewards – credentials,” he stated. “This is a tipping point for passkeys and making the online world safe.”
Google rolled out its support for storing passkey in Chrome and Android in October 2022. Microsoft and Apple have also expressed their will to adopt passwordless sign-in technology.