Part of:

Google’s Passkeys Are Set to End Traditional Password Era

KEY TAKEAWAYS

Google's introduction of passkeys signals a significant shift in the way users authenticate their identities online. Passkeys provide a more secure and convenient alternative to traditional passwords. Google aims to address the shortcomings of password-based authentication, such as the risk of forgetting passwords or using easily guessable information. With passkeys, users can leverage biometric identifiers and cryptographic keys to verify their identities, granting them access to their Google accounts. While the adoption may take time, Google remains committed to enhancing security measures and offering options for user authentication.

Google’s historical innovations in computer technology have begun several new eras that the IT world will never forget. Several tech tools like Gmail, Google Drive, YouTube, and Google Maps have made our lives easier and more comfortable. Building upon its legacy of technological advancements, Google has set its sights on revolutionizing the concept of passwords. Introducing the Google passkey, it aims to assume the crucial role of eliminating passwords altogether.

We no longer need to remember lengthy passwords. Passkeys provide users with a more secure way to sign in to apps and websites. This innovative feature offers facial recognition, fingerprint scanning, and PIN-based authentication options to unlock services and grant access.

Let’s delve into the details.

Why Is There a Need for Enhanced Authentication?

Online security is now a significant challenge to the digital world. With our increasing dependence on digital technologies, cybercrime incidents have proliferated worldwide. Traditional password technology falls short of adequately safeguarding user devices and preventing data breaches.

One of the most common disadvantages of traditional passwords is that people forget them. As such, they tend to use easily guessable information such as their birthday, pet’s name, or even the word “password” itself to set passwords. This practice poses a significant security risk as hackers can easily exploit such predictable passwords. Moreover, some individuals write down their passwords on paper, which is highly vulnerable and not a recommended security practice.

Therefore, more robust authentication methods are needed to address these challenges. Enabling proper security protocols, two-factor authentication (2FA), and encryption are some of the preventive techniques used today. 

Advertisements

Introducing Google Passkey

Passkey is an innovative login technique that eliminates users need to remember passwords. Instead, it facilitates biometric authentication.

With passkeys, users can quickly sign in to apps and websites using biometric identifiers such as fingerprint scanning, facial recognition, or screen lock PIN. This convenient authentication process can be performed on smartphones or other electronic devices.

In the future, passkey authentication is expected to leverage cloud technology and cryptographic keys. This means the authentication information will be securely distributed across all the devices associated with a user’s Google account, ensuring seamless and consistent access across multiple devices.

Advantages of Google Passkey

  • Strong protection against password-related risks and phishing attacks;
  • Enhanced security compared to one-time SMS codes, which can be compromised by hackers;
  • Prevention of SIM-swap attacks, a dangerous form of cybercrime.
  • Private keys and biometrics used for user verification are never shared, ensuring additional security in the future.

Technical Aspects of Google Passkey

Google’s passkeys offer users the convenience of both biometric and passcode-based sign-in options. During the login process, users will be prompted to choose their preferred authentication method.

Users have the flexibility to set up a unique passkey for each device, operating system, or app they use. This involves storing a cryptographic private key on the device while the corresponding public key is securely uploaded to Google.

When the user tries to sign in, the device has to solve a puzzle to use the private key to generate a signature. The signature is then authenticated and verified by Google using the public key. Upon successful verification, the user is granted access to their account. Google’s observation is limited to the generated signature and public key.

Notably, the device ensures the generated signature can only be shared with trusted Google websites and apps. This helps prevent malicious websites from intercepting and exploiting the data through phishing techniques.

User Adoption and Potential Challenges

The concept of a passkey has existed for a while as Apple, Microsoft, Shopify, and Paypal deployed it in some of their services. Google’s passkey adoption further signifies its transition into mainstream operations. It’s easier to use as the verification process relies on biometrics instead of traditional passwords.

However, for current users accustomed to traditional password-based authentication, adapting to the passkey method may pose a challenge. It can be hard to break the habit of using passwords and embrace a new login approach. To accommodate these users, Google will continue to offer the password option alongside the passkey.

Users will gradually become more accustomed to this new sign-in technique with time and exposure. As familiarity grows, the passkey method will likely become more widely adopted, offering a more convenient and secure way to access Google applications and websites.

The Bottom Line

While the mass adoption of Google passkey technology may take time, Google acknowledges the importance of providing options. As a result, password-based 2FA will continue to be available as an alternative method for users.

Furthermore, Google is committed to closely monitoring and addressing compromised profiles that still rely on traditional password methods.

In the meantime, using password managers is crucial for maintaining online security. Password managers provide a centralized and encrypted storage system for all your passwords.

Advertisements

Related Reading

Related Terms

Advertisements
Kuntal Chakraborty

Kuntal Chakraborty is an Information Technology Engineer by profession and education and the founder of Philarity.com. He has rich technical expertise working as a Systems Engineer and Network Engineer at Siemens and Atos. Kuntal has also worked in Artificial Intelligence (AI) and Machine Learning (ML) domains in different roles. Besides, he has a deep interest in Cyber security and published a few articles on it in some international publications. He has also created and successfully published some Alexa skills as a part of Amazon Alexa crowd developer community.