.
You’ll agree that we increasingly live in a password-dependent world. They are necessary for a multitude of everyday situations and this can be a lot of work and hassle.
But finally, worries and headaches about passwords can be over, thanks to Google Passkey!
Yes, you didn’t read it wrong and if you want to know what it is and how it works, follow this content until the end…
What is Google Passkey?
Google Passkey – or Google access key, in direct translation – is a technology that promises to put an end once and for all to the infamous passwords, so present and necessary both in the online world and in the physical world.
The idea is that every website or app where it is necessary to use the old authentication method using username and password, will start using Passkey.
Thus, in the same way that some sites and apps allow the user to choose authentication through Facebook, a Google account, their own registration or other methods, the new technology announced appears as a safe and simple alternative and in a short future, promises to retire all too much.
After a testing phase started in October / 2022, using the stable version of Chrome M108 for AndroidGoogle officially announced the introduction of the feature in Chromium project blog.
In this initial phase, beneficiary users necessarily need to have an Android cell phone and have the Chrome 108 mobile browser installed.
Despite bearing the name of Google, Passkey is not a proprietary resource and is the result of an isolated initiative by the big tech of searches. Participating in the project and its development are other industry giants, such as Apple and Microsoft, members of the FIDO Alliance and also the W3C.
How does Google Passkey work?
Briefly, what Passkey does is use as a method to check the user’s identity, the same mechanism used to access your Android smartphone and that can be a biometric process (fingerprint or facial reading) or the lock screen.
Once the recognition is done, a set of keys is used, one public on the website or the app and the other private, present on the smartphone and which are necessary for encrypting the information exchanged during authentication.
The big difference is that, like the Google Authenticator or Authenticator (Microsoft) authentication methods, the generated codes are temporary and single-use, that is, they are only used for that action. In a second login or that requires authentication, the previous code will be invalid and this is one of the concepts that supports the security of the method.
Why is Google Passkey secure?
As we mentioned immediately above, the codes generated and exchanged between the website / app and the smartphone are unique and thus, even if a hacker – or black hat hacker, if you prefer – manages to obtain the code and the keys (public and private), what it is quite unlikely, in the next access, a new code would be required and, therefore, would require having the smartphone in hand.
The access key (Passkey) is also not informed by the device when logging in. Only a securely generated code is exchanged with the website. It is necessary to reiterate that no password is involved in the process, which means that in case of invasions to the site and/or a data leak, there will be no data that would allow access to the account.
As a result, people will no longer need to create strong and secure passwords, use a password manager and worry about creating a unique password for each website, app or service. Not even two-factor (2FA) or multi-factor (MFA) authentication methods will be required.
In a world without passwords, another major problem in the digital world is also being fought – phishing.
How to use Google Passkey?
Excited about the idea of not having to create and manage a multitude of passwords, the question that comes to mind for most is how to use Google Passkey?
Once you’ve saved a passkey on your Android device, it may appear in autofill when you log in to a site or app that already uses the feature. Yes, sites must include the new functionality as a means of access.
Whenever you need to authenticate to a service on a website or app, instead of entering your username and password, you just have to proceed as you do when you unlock your smartphone.
But in this initial phase there are still limitations, since at the time of launch, only Android phones and using at least the M108 version are enabled. The project team reported that it is already working to make it available for iOS devices soon.
In the case of desktops or notebooks, you must also have the Chrome browser, version 108, for Windows 11 and MacOS operating systems. In these cases, the sites that already offer this form of authentication will display a QR Code that must be read by the camera of the cell phone on which the Passkey is enabled and from then on the login is released by the mobile device and access / navigation will occur normally. via desktop or laptop.
Google said it’s working to make it available for Chrome OS as well, but it didn’t mention Linux or Chrome OS Flex in its statement.
When will Google Passkey replace all passwords?
The long-awaited announcement of something capable of ending passwords brings some anxiety as to when this will actually occur.
It is not enough for the technology to exist, it needs to be adopted by the participating community and that means in practical terms, that sites, applications and services that make use of authentication methods, start to adopt it, as well as users having compatible devices.
On the user side, we have already seen that for now, only those with Windows 11 and MacOS and the latest version of Google Chrome (108). When it will reach alternative browsers is still an unanswered question, but it will probably first reach those based on Chromium, which is the case of Microsoft Edge and, in a second moment, the others that support Web Authentication (webauthn).
Developers need to build support for using the new method on their websites, using the WebAuthn API.
In other words, this is a gradual process that should take some time, but which already opens up positive perspectives not only in terms of ease for users, but above all, greater security in the digital world.
Conclusion
Google Passkey finally arrives as the technology that promises to do away with passwords and make everything I use them more secure.
.
