Google’s New Passwordless Secure Sign-In with Passkeys for Google Accounts Goes Live

Google’s New Passwordless Secure Sign-In with Passkeys for Google Accounts Goes Live

Almost five months after Google added support for passkeys to its Chrome browser, the tech giant has begun rolling out the passwordless solution across Google Accounts on all platforms.

The FIDO Alliance promotes using passkeys as an alternative to passwords for logging into apps and websites.

To accomplish this, they need only use their biometrics (such as fingerprint or facial recognition) or a local PIN to access their computer or mobile device.

ALSO, READ Hackers Sign Android Malware Apps with Compromised Platform Certificates

“And, unlike passwords, passkeys are resistant to online attacks like phishing, making them more secure than things like SMS one-time codes,” Google noted.

Once a passkey has been generated, it is kept secret on the device itself. If you do this, you won’t need to set up two-factor authentication because it demonstrates “you have access to your device and are able to unlock it.”

New Passwordless Secure Sign-In with Passkeys for Google 

Users also have the choice of creating passkeys for every device they use to log in to their Google Account. That said, a passkey created on one device will be synced to all the users’ other devices running the same operating system platform (i.e., Android, iOS/macOS, or Windows) if they are signed in to the same account. Viewed in that light, passkeys are not truly interoperable.

It’s worth pointing out that both Google Password Manager and iCloud Keychain use end-to-end encryption to keep the passkeys private, thereby preventing users from getting locked out should they lose access to their devices or making it easier to upgrade from one device to another.

Additionally, users can sign in on a new device or temporarily use a different device by selecting the option to “use a passkey from another device,” which then uses the phone’s screen lock and proximity to approve a one-time sign-in.

New Passwordless Secure Sign-In with Passkeys for Google 

“The device then verifies that your phone is in proximity using a small anonymous Bluetooth message and sets up an end-to-end encrypted connection to the phone through the internet,” the company explained.

“The phone uses this connection to deliver your one-time passkey signature, which requires your approval and the biometric or screen lock step on the phone. Neither the passkey itself nor the screen lock information is sent to the new device.”

ALSO, READ Privacy And Safety Precautions For Gadget Users 202

Even though this could be the “beginning of the end of the password,” the company plans to keep supporting traditional login mechanisms for the foreseeable future.

Passkeys created on shared devices are discouraged by Google because they could be used to circumvent other security measures.