Google will soon unveil a new security feature called “passkey” that is aimed at providing a more secure and user-friendly alternative to traditional passwords and two-step verification (2SV) around this year’s World Password Day. Passkey works by generating a unique cryptographic key for each website or app that a user logs into, instead of relying on a static password or code that can be easily stolen or guessed.
According to Google, passkey will make it easier for users to stay secure online by eliminating the need for them to remember multiple passwords or enter 2SV codes each time they log in. Instead, users will be able to sign in with a single tap or click, using their device’s biometric authentication (such as a fingerprint or facial recognition) or a PIN code.
Google has acknowledged the difficulty that many users face when it comes to creating and remembering strong passwords. With the rise of phishing attacks, even using multi-factor authentication (MFA) such as 2SV can be insufficient in providing full protection against such attacks. These methods can also add additional friction to the login process. Furthermore, MFA may still be targeted by attackers using methods such as SIM swapping to bypass SMS verification.
Passkey is still in the experimental stage and is not yet available to the public. However, Google has released a technical paper that explains how the feature works and invites feedback from developers and security experts.
Passkey is just one of the many efforts that Google is making to improve the security and privacy of its users. Earlier this year, the company announced that it will be phasing out support for third-party cookies in its Chrome browser, in order to prevent online tracking and improve user privacy.
While passwords, 2SV, and other signing-in methods will still work across Google accounts, passkeys are set to revolutionize the way we think about authentication. In Google’s own words, “passkeys are the beginning of the end for passwords.” the blog wrote.
Overall, Google’s push for more secure and user-friendly authentication methods is a welcome development for anyone who has ever struggled with remembering multiple passwords or navigating clunky 2SV processes. With passkey and other innovations like it, staying secure online may soon be as simple as a single tap or click.
How passkey works?
Google is making it easier for users to protect their accounts with the introduction of passkeys. Once users have added the passkey option to their Google accounts, they will be prompted to use it when signing in or performing sensitive actions on supported devices. Administrators of Google Workspace accounts will also soon have the option to enable passkeys for their end-users during sign-in.
Passkeys are stored locally on users’ computers or mobile devices and are protected by screen lock biometrics or a PIN code. Google assures users that their biometric data will not be shared with the company or any third parties, ensuring greater privacy and security.
Passkeys can be created for multiple devices, with some platforms even allowing them to be backed up and synced across different devices. If a device with a passkey is lost, users can revoke the passkey in their account settings or remotely wipe it on some devices.
In summary, passkeys offer users a more secure and convenient way to protect their Google accounts. With the ability to create passkeys for multiple devices and revoke them if necessary, users can have greater peace of mind knowing that their accounts are well-protected.