Google Deploys Passkeys, Cites ‘Beginning Of End’ For Passwords

Tom Jowitt,
Linkedin
Cyber security and Security password login online concept Hands typing and entering username and password of social media, log in with smartphone to an online bank account, data protection hacker

No need for a password to login into Google accounts, as they now support passkeys to replace passwords and 2FA

Alphabet’s Google is touting the ‘beginning of the end’ for the humble password, after it began rolling out passkeys.

In its announcements Google said that passkeys – a new cryptographic keys solution that requires a preauthenticated device – is being rolled out to Google accounts on all major platforms.

It should be noted that Google has been developing enhanced authentication for a while now. In January 2020 for example, Google updated its Smart Lock app for iOS devices, which meant that modern iPhones could be used as a physical security key for Google apps such as Gmail, Drive etc.

Google passkeys

A passkey is a digital credential, tied to a user account and a website or application. Passkeys allow users to authenticate without having to enter a username, password, or provide any additional authentication factor.

The passkey is designed to replace passwords entirely by allowing authentication with fingerprint ID, facial ID or pin on the phone or device you use for authentication.

Google believes this spells the beginning of the end for passwords, saying that passkeys are “the easiest and most secure way to sign in to apps and websites and a major step toward a ‘passwordless future.’”

“For some time we and others in the industry have been working on a simpler and safer alternative to passwords,” it said. “While passwords will be with us for some time to come, they are often frustrating to remember and put you at risk if they end up in the wrong hands.”

“Last year – alongside FIDO Alliance, Apple and Microsoft – we announced we would begin work to support passkeys on our platform as an easier and more secure alternative to passwords,” it said. “And today, ahead of World Password Day, we’ve begun rolling out support for passkeys across Google Accounts on all major platforms. They’ll be an additional option that people can use to sign in, alongside passwords, 2-Step Verification (2SV), etc.”

“So maybe by next year’s World Password Day, you won’t even need to use your password, much less remember it!” Google suggested.

Users interested in trying out passkeys for Google Accounts, can try them out at g.co/passkeys.

It said that for Google Workspace accounts, administrators will soon have the option to enable passkeys for their end-users during sign-in.

Welcomed move

The effort by Google to move away from passwords has been welcomed by Eduardo Azanza, CEO at Spanish authentication specialist Veridas, saying it will only make users safer online.

“As we see the convergence of the digital and physical world, the only way forward to properly secure users is biometric verification,” said Azanza.

“The use of face verification means that user’s digital identities can be verified in a simple, agile, and secure way,” said Azanza. “Passwords can be stolen and leaked on the dark web to commit other crimes such as fraud and identity theft.”

“However, as biometrics are linked to a user’s physical identity, they’re much harder to steal,” said Azanza. “As a result, security teams can accurately identify and verify users, as well as quickly detect fraud, phishing and spoofing techniques.”

“Furthermore, biometric verification improves the user experience by making identity verification processes fast and effortless,” said Azanza. “Users don’t have to remember dozens of passwords, reset them when they are forgotten or go through double authentication steps. Biometrics will verify and authenticate users within seconds, not leaving the user frustrated, unlike when a password is involved.”