Passkeys, Google's small big step towards a “passwordless future”.
Just over 6 months since we shared here on the blog the news about the Google's proposal to put aside the use of passwords, Google has taken the plunge for this new authentication option which it called the “beginning of the end of the password”.
To this day the use of a password is the most popular method to access an account, so this method faces several challenges, including memorization, which becomes increasingly relevant due to the proliferation of the number of services that require a password.
Numerous Studies Show Scale of Data Breaches Linked to Compromised Passwords every year. Several factors cause this problem, two of the most well known being password retention, which sometimes forces some users to share their passwords with co-workers, and using the same password for multiple accounts. Given the situation, the main brands technology companies Google, Apple and Microsoft are opting for a passwordless approach.
About Passkeys
Google launched Passkeys and it is now available to all users and that includes three options: a PIN code, facial recognition or fingerprint authentication. When the feature is enabled, Google requires authentication each time a user logs in or tries to access sensitive information.
For some time, we and others in the industry have been working on a simpler and more secure alternative to passwords. While passwords will be with us for some time, they are often frustrating to remember and put you at risk if they end up in the wrong hands.
Last year, together with the FIDO Alliance, Apple, and Microsoft, we announced that we would start working to support access keys on our platform as an easier and more secure alternative to passwords. And today, ahead of World Password Day, we're starting to roll out support for passcodes in Google Accounts across all major platforms. They will be an additional option that people can use to sign in, along with passwords, two-step verification (2SV), etc.
The introduction of Passkey It's part of the strategy previously announced by Google to start phasing out usernames and passwords in favor of stronger authentication systems to better protect accounts.
And it is that unlike passwords, Passkey can only exist on the user's devices, as it they cannot be accidentally written down or given to a third party. This is stronger protection than most 2SV (2FA/MFA) methods offered today, because not only the password, but also the 2SV is skipped when you use Passkey.
Requirements to enable Google Passkey
For those interested in being able to test this new function of PassKey on their devices, they should know that there are certain requirements that not any user will be able to comply with (and it is logical, since the function is designed to work with certain technologies) and that is that Passkeys can only work on iOS 16 and Android 9.0 or later. For computers, Windows 10 or later, macOS Ventura are required, in addition, that the web browser must be at least Chrome 109, Safari 16 or Edge 109.
How to configure Google Passkey?
- To configure Passkey, you must go to this link g.co/passkeys in web browser
- Sign in to your existing Google account
- On the next page, they will be asked to generate an encryption key.
- After that, they must press the "continue" button when the pop-up window appears.
- The password key you created will be saved on your device.
- To verify their identity, they must follow the commands and use the biometric authentication feature required by their device.
- Doing so will generate your encryption key for that device.
Finally If you are interested in knowing more about it, you can check the details In the following link.