Google’s New Passkeys: Easier login without password

Google's New Passkeys: Easier login without password

Google recently announced a significant update which promises to eliminate the need for passwords in all its accounts. This innovative functionality, called Passkeys, will allow users to sign in using a pattern, a PIN, or a biometric sensor. Therefore, users won’t have to remember or enter complicated passwords.

Passkeys are a more accessible and safer alternative, unlike conventional passwords, because they offer strong protection against scams and fraudulent attacks. Another great thing about Passkeys is that you can use them across different operating systems and browsers.

This feature is based on standard technology launched by the FIDO Alliance, an industry consortium that aims to introduce user-friendly solutions for replacing legacy authentication mechanisms.

Both users and developers hate passwords. Why? Because they often need a better user experience. They create security liability for both developers and users. Google Password Manager in Chrome and Android handles this issue through autofill. Passkeys can be an excellent tool for developers seeking even further improvements in security and conversion.

Why are Passkeys so Unique?  

In a single step, a passkey can comply with multifactor authentication requirements. That means it can replace an OTP and a password to guarantee robust protection against phishing attacks.

It would help if you created a passkey for each app or website that supports the feature of using Passkeys.

Passkeys can sync between users’ devices through end-to-end encrypted systems like iCloud Keychain and Google Password Manager. Alternatively, users can create passkeys on many devices by creating a link or a QR code on one device and scanning or opening it on another.

Google aims to encourage account holders to switch from passwords to Passkeys. Google believes that by making this feature available to its billions of customers, it will indicate to other businesses that passkeys are ready for broad adoption.

The company also claims that Passkeys are more convenient and safer than passwords. Google claims that Passkeys are part of the tech giant’s plans to design a future free of passwords. Since Passkeys are compliant with the WebAuthn standard, they’re compatible with other browsers and platforms that support it.

Passkeys that are signed into the same Google account are currently available on Android and Chrome. However, only a fraction of Android users in chosen regions have access to Passkeys now. However, Google aims to expand its user base by adding more countries and devices for this feature.

How do Passkeys Work?

This new method of signing into websites and apps offers superior user experience with ultimate security. Unlike conventional passwords, users can avoid remembering complex passwords containing small letters/caps, special characters, and numbers.

Passkeys allow users to sign into their Google accounts using face recognition, fingerprint, or screen lock PIN.

So, if you are wondering how to sign in to your Google account with the help of a Passkey, here are the steps you need to follow to create Passkeys.

You must have the following:

  • A desktop or a laptop with at least Windows 10, ChromeOS 109, or macOS Ventura installed.
  •  An Android 9 or iOS 16 or later version is installed on your mobile device.
  •  A hardware security key that complies with the FIDO2 protocol
  •  A compatible web browser on your mobile device or PC. These include Safari 16 or up, Edge 109 or up, and Chrome 109 or up. 

Now, follow these steps to activate passkeys.

  • Go to the Google page.
  • Click on ‘Create a passkey’ to Continue.
  •  Carefully follow all instructions.

·         You may need to unlock your device to complete the creation of your Passkey.

How Secure are Google Passkeys?

We all know the benefits of using a passkey to protect Google accounts. However, there are several other benefits of using passkeys.

Let’s delve deeper into these benefits.

Google recommends its users create passkeys only on devices under their control. Primarily, when you make a passkey on a device, anyone with access to the device will access your Google Account using the Passkey. That would be the case even if you log out of your Google Account.

To resolve this issue, Google made passkeys compatible with personal accounts, only.

Although passkeys offer an additional layer of security, they may need to be more foolproof. Like any other security measure, Passkeys can be fallible, and there are concerns about exploitation.

For instance, if scammers access your device, they may bypass the passkey authentication and access your account. In addition, passkeys are only a cookie-cutter security solution for some users, especially those without compatible devices or needing help keeping track of physical devices.

Another thing to note is that you should only consider passkeys as a replacement for some passwords. Instead, they offer an extra layer of security for sensitive data or high-value accounts. Like any other security measure, following exemplary practices such as keeping your devices secure, setting up unique and robust passphrases, and monitoring your accounts regularly to detect suspicious activity is crucial.

Despite launching the passkey feature, Google is yet to offer an ultimate solution for internet users who have multiple accounts.

Currently, Passkeys offer partial relief. However, users would still need to protect their non-personal accounts with passwords. A significant advantage of Passkeys is that even if you lose your phone, your Passkeys are securely stored in the cloud.  That means you can keep your Passkeys once you get a new phone.

Unfortunately, there are several misconceptions about passkeys regarding their privacy benefits, security, and usability.

Most people think the system will have a password backing things up. However, the WebAuthn protocol does not require using passwords in the system. It doesn’t because needing a password would mean the system is ‘phishable.’

In the future, applications and websites may switch to passkey-based and passwordless solutions while maintaining password authentication abilities. But technology experts also predict that passwords will eventually disappear altogether.

Final Thoughts

Technology is advancing at a fast rate. Our technology discussions are no longer limited to subjects like AI models, the comparison of GPT-3 vs. GPT-4, and Google Bard vs. Chat GPT. We are also witnessing groundbreaking advancements in the world of password security, such as Passkeys. The Google passkeys feature will soon be available for all accounts with added security capabilities.

FAQs

What is Google’s Passkeys feature?

Passkeys are a more accessible and safer alternative to passwords. Users can sign into websites and apps with passkeys via a biometric sensor. For example, you could sign in using facial recognition or a fingerprint. Other ways to sign in using Passkeys include a pattern or a PIN which means you don’t have to memorize complicated passwords.

How do Passkeys Work?

The innovative technology aims to replace conventional authentication methods such as passwords. Instead, we can view it as a digital credential connected to an app, a website, or a user account. Passkeys enable users to authenticate without entering a password or a username.

What Devices are Compatible with Passkeys?

Chrome, Android, macOS, and iOS support Passkeys.

How are Passkeys Different from Traditional Passwords?

Unlike traditional passwords, passkeys are a more accessible and safer alternative to passwords. With passkeys, users no longer have to manage and remember passwords containing numbers and special characters.

Is Passkeys More Secure than Traditional Passwords?

Traditional passwords are vulnerable to several hacking methods. However, passkeys are resistant to scams and phishing attacks. That makes them more secure than conventional security procedures like SMS one-time codes.

How do I set up Passkeys on my Google Account?

Setting up a Google account with passkeys is quick and easy. You must log in first and open your desired web browser on your device. However, make sure it should comply with Passkeys.  Now go to the Google Passkeys page. Submit your Google account credentials. Tap ‘yes’ to confirm that you want to log into your Google account.

Can I Use Passkeys on Multiple Devices?

When you create a passkey on a device, it gets synced to all your other devices running the same OS platform. Hence, you can develop passkeys on one device and use them on multiple devices.

What Should I Do If I Lose My Phone with Passkeys Enabled?

If you lose your device, you can revoke a passkey via your Google or iCloud account. However, there are specific limitations. For example, you can’t recover the passkeys stored in the cloud if you don’t have any other device belonging to the same ecosystem as the lost devices. If anything like this happens, you must request new passkeys through customer service.

Can I Still Use Two-Factor Authentication with Passkeys?

Passkeys don’t need two-factor authentication since they incorporate two different factors as part of their nature. However, it is still possible to use Passkeys with other forms of 2FA.

Are There any Disadvantages to Using Passkeys?

The only potential disadvantage of Passkeys is when you lose the secondary device you use for gaining access to your accounts. When this happens, you must reset the Passkey. However, we also recommend that you have a backup device to prevent this problem.