Google Passkeys: Is the Future Passwordless?

They say no password is a good password. With Microsoft and Apple making the move in recent years, Google last week announced its plan to kill passwords online, with something called Passkeys. Companies are calling this a step toward a passwordless future. Mint explains:

What has Google done?

Last week, Google announced a new feature called Passkeys, which allows users to log into their Google accounts using secondary means such as biometrics, USB keys, and more. Essentially, it eliminates the need to type in a password whenever you want to log into an account. When a user signs up to a service with Google, they still need their Gmail password, which is also eliminated by a feature like this. The feature is similar to Microsoft’s passwordless login, announced in 2021, and Apple’s iCloud keychain login that came with iOS 16 – the company’s mobile phone software.

How do access keys work?

Google allows users to tag their Gmail password on a physical authentication device, such as a USB key, or biometric authentication on their Android or iOS device. Users can also generate a QR code on a desktop device, which will be scanned by their smartphone to log into their accounts. Users can revoke device access from their Google account and have backup devices to access their account if they lose their primary authentication devices. The feature is especially useful for developers and business users who need to log into many accounts for their day-to-day work.

Why are Google passcodes important?

While Microsoft and Apple did it first, Google’s Android and Gmail are used by many more users. switch

logging in without a password for users could significantly boost the adoption of such services. Passkeys is also not limited to just Android devices. One can also log into accounts using Apple’s FaceID as a secondary layer of authentication.

So the future is passwordless?

The idea of ​​logging in without a password is actually very old, with LastPass dating back to 2008. While Google, Apple, and Microsoft can eliminate the need to type in passwords on a daily basis, the passwords for your Gmail, Apple, or Microsoft account are still act as the master passwords, and stealing this can give you access to all your other passwords. Since Windows, Android, and Apple devices are always logged into their users’ respective accounts, these master passwords are usually entered only once: when setting up a device.

What happens if these companies are hacked?

It is much more difficult for hackers to penetrate Google, Apple or Microsoft. Even if they do, passwords are usually stored in a “hash” format on their servers, so they can’t be deciphered without an authentication key. In practice, with biometric authentication, a device sends a signal to the servers of these companies with the decryption key to verify that it is indeed the correct user who is trying to log in. Users should only protect their master password and not share it with anyone.

Catch all company news and updates on Live Mint. Download the Mint News app for daily market updates and live business news.

More or less

Leave a Comment