Google has rolled out a technology called passkeys, which will provide an easier and more secure alternative login method for Google accounts. According to Google’s blog post, “Today, ahead of World Password Day, we’ve begun rolling out support for passkeys across Google Accounts on all major platforms. They’ll be an additional option that people can use to sign in, alongside passwords.”
What Are Google Passkeys?
The Google passkeys will let users sign in to apps and websites by utilizing the security used by the device such as facial recognition, a PIN number, or a thumbprint on your phone – basically replacing a unique password that needs to be typed into a web form for each site. Unlike passwords, passkeys are resistant to online attacks like phishing, making them more secure than things like SMS one-time codes.
Passkeys are created with WebAuthn standard and use public-key cryptography. Once the user logs in with a passkey, this will generate a key pair where one key lives on the user’s device privately and the other key waits on a service’s servers. When the two keys match, the login information is shared and the user is granted access. It can be done by using Android’s phone built-in biometrics or other authentication to unlock and share the key.
A Better Solution
Google said that once people get used to passkeys, they will like them better and find them easier to manage than passwords. And once you’ve set up a passkey on a device, Google will automatically detect it and prompt you to log in that way going forward. “We have an opportunity here to change the way users think about signing in,” says Christiaan Brand, an identity and security product manager at Google.