Are you constantly struggling to remember passwords? Worried about your passwords being stolen or leaked by hackers? Do you think it's too much trouble to enter a password and verify it twice every time you log in to your account? To address these concerns, Google has introduced a new feature called Passkey that makes it easier and more secure to log into Google accounts without using a password.
Passkey is a cryptographic-based authentication technology that replaces your Google password with the password you already have on your device (phone, tablet, laptop, desktop, etc.) (PIN, fingerprint, facial recognition, etc.). This way, when you log into your Google account, you simply unlock your device and can go straight to your account without having to enter a password or perform a secondary verification. This not only saves time, but also improves safety.
Google said passwords were no longer fit for the modern online environment because they were vulnerable to reuse, hacking and phishing scams. Passkeys avoid these problems because they can't be written down or accidentally revealed to the bad guys, and they can't be affected by cyber attacks or data breaches. Google argues that Passkey is more powerful than most current secondary verification methods, allowing you to skip the password and secondary verification steps.
To use Passkey, you need to create a Google Passkey account for each device, IT Home has learned from Google officials. In the background, the device stores a private key, and Google uploars a corresponding public key. When you log in, Google asks your device to sign a unique challenge code with your private key, which your device does only after you unlock it. Google then verifies the signature with the public key. If you're logging in with a new (or temporary) device, you can scan a QR code with Passkey on your phone and check the distance via Bluetooth. On the new device, you just need to select "Use Passkey on another device" and follow the prompts. This doesn't automatically transfer the Passkey to the new device, it just uses the screen lock and distance on your phone to approve a one-time login. If the new device supports storing its own Passkey, Google will separately ask if it wants to create one on the new device.
For now, Passkey is just an alternative to logging in with a Google account. The existing login method has not changed, and the password is the backup method (for those cases where the device does not support Passkey). But that could change in the future, according to Google:
Passkey is still fairly new technology and will take some time to become ubiquitous, but creating a Passkey today still has security benefits because it allows us to keep a closer eye on logins that fall back on passwords. As Passkey gains wider support and familiarity, we will review these actions more closely.