Google takes big step towards 'passwordless'

Google takes big step towards 'passwordless'

Image:
Google takes big step towards 'passwordless'

Passkeys differ from passwords in that they can only exist on the user's devices and cannot be written down or inadvertently disclosed to malicious actors

Google on Wednesday launched "passkeys" - a new and secure way of signing in to apps and websites, marking a significant step toward a passwordless future.

The new feature, introduced for billions of accounts, is available on all major platforms and promises to enhance the user experience by allowing them to log in using biometric identifiers such as facial recognition, fingerprints or screen lock PINs.

According to Google, the passkeys feature aims to simplify the sign-in process for users and eliminate the need to enter a password or use two-step verification (2SV) when signing in.

However, the company clarified that passkeys feature is an optional way for users to sign in, alongside existing methods. In the upcoming months, Google aims to encourage users to switch from traditional username and password logins to the new feature.

According to Google, a passkey is a safer alternative to passwords. It will be securely stored on the user's local computer or mobile device, and the user will be required to authenticate themselves using their screen lock biometrics or PIN to access it.

"Biometric data is never shared with Google or any other third party - the screen lock only unlocks the passkey locally," Google said.

Passkeys differ from passwords in that they can only exist on the user's devices and cannot be written down or inadvertently disclosed to malicious actors.

"When you use a passkey to sign in to your Google Account, it proves to Google that you have access to your device and are able to unlock it. Together, this means that passkeys protect you against phishing and any accidental mishandling that passwords are prone to, such as being reused or exposed in a data breach."

In situations where passkeys are not yet supported on certain devices, users can fall back to their traditional sign-in methods.

If a user suspects that their account may be compromised, or if they lose the device containing the passkey, they can revoke the passkey from their Google account settings.

Commenting on Google 'passkeys' feature, Andrew Shikiar, executive director of the FIDO Alliance, an industry association that aims to reduce reliance on passwords, said: "We're thrilled with Google's announcement today as it dramatically moves the needle on passkey adoption due both to Google's size, and to the breadth of the actual implementation — which essentially enables any Google account holder to use passkeys."

"I also think that this implementation will serve as a great example for other service providers and stands to be a tipping point for the accelerated adoption of passkeys."

Instructions for creating a Google passkey on a computer, phone or tablet are available on the company's website at g.co/passkeys.

For Google Workspace accounts, Google says admins will soon be offered the option to enable passkeys for end-users during sign-in.