With the introduction of passkeys, a new cryptographic keys solution requiring a pre-authenticated device, is coming to Google accounts on all major platforms, the company’s next step towards a password-free future has arrived. Google users can switch to passkeys as of right now and completely stay away with passwords and two-step verification codes when logging in.
Google, Apple, Microsoft, and other tech firms affiliated with the FIDO Alliance are promoting passkeys as a safer, more practical substitute for passwords. They can substitute a local PIN or a device’s built-in biometric authentication, like a fingerprint or Face ID, for conventional passwords and other sign-in mechanisms like 2FA or SMS verification. Since there is no password that could be stolen in a phishing attack, this biometric data isn’t shared with Google (or any other third party), and passkeys only exist on your devices, which offers greater security and protection.
How Does It Work?
When a passkey is added to a Google account, the platform will begin asking for it when you login in or when it notices potentially suspect behavior that calls for additional verification. Google account passkeys can be transmitted to other devices from the OS via services like iCloud or password managers like Dashlane and 1Password (scheduled to launch in “early 2023”). Passkeys are kept on any compatible hardware, including iPhones running iOS 16 and Android devices running Android 9.
You can still access your Google account using another person’s device. A one-time sign-in is created when the “use a passkey from another device” option is chosen; the passkey is not transferred to the new hardware. You should never set up passkeys on a shared device, advises Google, as anyone who can access and unlock that device will also have access to your Google account.
In the Google account settings, users can immediately revoke passkeys if they believe someone else may be able to access their account or if they lose the only device that contained the passkey. Users who have signed up for Google’s Advanced Protection Program, a free program that offers additional security safeguards against phishing and dangerous apps, can opt to utilize passkeys instead of their standard physical security keys.
What About The Traditional Passwords?
Because passkey support won’t be widely adopted for some time, Google accounts will continue to support traditional login methods like passwords. This provides people time to switch to the new technology who might not currently have access to a device that supports biometric authentication. Although Google urges users to switch to passkeys right away, it also states in its blog that it will examine alternative sign-in options “as passkeys gain broader support and familiarity.” This suggests that Google intends to completely switch over to passkeys in the future.
The announcement made today (3rd May, 2023) comes after Google implemented smaller passkeys. Although Google’s Chrome browser added passkey support in December of last year, passkey-compatible websites and services are still comparatively uncommon. It is therefore challenging to completely abandon passwords at this time. With corporations like Google more fully embracing a password less future, it is hoped that the authentication technology will be more quickly embraced. 1Password has a page listing which websites and services support passkeys.
