Google Passkey: Is the future password-less?

What has Google done?

Last week, Google announced a new feature called Passkeys that will allow users to log on to their Google Accounts using secondary means such as biometrics, USB keys and more. Essentially, this eliminates the need to type in a password every time you want to log into an account. When a user logs on to a service using Google, it still needs their Gmail password, which is also eliminated through such a feature. The feature is similar to Microsoft’s password-less sign-in, which was announced in 2021, and Apple’s iCloud Keychain login that came with iOS 16—the company’s mobile phone software.

How do passes work?

Google is allowing users to tag their Gmail password with a physical authentication device, such as a USB key, or biometric authentication on their Android or iOS powered devices. Users will also be able to generate a QR code on the desktop device, which will be scanned by their smartphone to log on to their account. Users can revoke access from a device with their Google Account, and can have backup devices to regain access to their account if they lose their primary authentication devices. This feature is especially useful for developers and enterprise users who need to log on to multiple accounts for day-to-day work.

View Full Image

Why is Google’s passkey important?

Even though Microsoft and Apple did it first, Google’s Android and Gmail are used by many more users. by enabling

Password-less logon for users can provide a significant boost to the adoption of such services. Passkey is not limited to Android devices only. Accounts can also be logged on using Apple’s FaceID as a secondary layer of authentication.

So, is the future passwordless?

The idea of ​​a password-less log on is actually pretty old, with LastPass dating back to 2008. Although Google, Apple, and Microsoft may eliminate the need to type passwords on a daily basis, your Gmail, Apple, or Microsoft account password should still act as the master password, and stealing it would give access to all your other passwords. Might be possible. Since Windows, Android, and Apple devices are always logged on to users’ respective accounts, these master passwords are typically entered only once — when setting up the device.

What would happen if these firms were hacked?

It is very difficult for hackers to compromise Google, Apple or Microsoft. Even if they do, the passwords are usually stored on their servers in a ‘hashed’ format, so that they cannot be decrypted without an authentication key. In practice, when biometric authentication is performed, a device sends a signal to the servers of these companies, along with a decryption key, to verify that it is indeed the correct user who is trying to log on. Users only have to keep their master password safe and not share it with anyone.