Passwordless Google accounts, stepping ahead in user security

Google has commenced the roll-out of a passwordless solution for Google Accounts on all platforms, which enables users to sign in to apps and websites using passkeys instead of traditional passwords. 

Huge day for passkeys!

Starting today, you can set up a passkey for your Google account. At this stage of the industry-wide transition, setting up a passkey doesn’t invalidate your password, so it’s 100% safe to set up. https://t.co/vyrTdEghdd

— Ricky Mondello (@rmondello) May 3, 2023

What could a passkey do?

Passkeys, which have the backing of the FIDO Alliance, 

• Enables users to unlock their devices using biometric authentication or a local PIN. 
• They provide high protection against threats such as phishing, thereby making two-factor authentication unnecessary. 

Google Introduces Passkey feature for authentication. https://t.co/5Pzl86dg1i #Passkeys #DigitalAuthentication https://t.co/cdnLpMH4tp pic.twitter.com/tP2iotsCzD

— ZOLUTE (@ZOLUTE) May 4, 2023

• Passkeys are stored locally on the device and are not shared with any third party.
• Users can generate passkeys for every device they use to access their Google Account, and passkeys are synchronized across all devices that run the same operating system platform. 
• The passkeys are kept confidential using end-to-end encryption, which prevents users from being locked out if they lose access to their devices or upgrade to a new one.

“And, unlike passwords, passkeys are resistant to online attacks like phishing, making them more secure than SMS one-time codes,” Google says.

According to Google, passkeys are more secure than SMS one-time codes and are impervious to online attacks such as phishing, unlike passwords. Users can temporarily choose to use a passkey from another device by selecting the appropriate option, which employs the phone’s screen lock and proximity to authorize a one-time sign-in.

However, Google advises against creating passkeys on shared devices. The company intends to continue supporting existing login methods like passwords and two-factor authentication.

What’s so special?

• The cryptographic private key is what gets saved on your devices. When you generate a private key, the corresponding public key is uploaded to Google. Your device guarantees the signature can only be exchanged with Google apps and websites, not with fraudulent phishing intermediaries. The signature serves as evidence that the device belongs to you.
• The private key that underlies the passkey remains on your devices. Passkey synchronization providers, such as Google Password Manager and iCloud Keychain, employ end-to-end encryption to maintain the confidentiality of your passkeys.

Today @Google announced support for using passkeys for personal Google accounts. It’s a huge step toward widespread adoption of a simpler, more secure alternative to passwords.

Soon, you’ll be able to store, manage, and use passkeys in 1Password.https://t.co/7yHRF7mdYu

— 1Password (@1Password) May 3, 2023

• As each passkey can only be utilized for a single account, there is no danger of using them repeatedly across different services. Consequently, your Google Account is protected from data breaches that may occur in your other accounts, and the reverse is also true.

• Passkey support is functional on all platforms and browsers that implement these criteria. You can save the passkeys for your Google Account on any suitable device or service.

Source: Reddit users(what do people think?)

Concluding thoughts

The ‘could’ and ‘should’ be many whenever there is a new advancement. Let’s explore together what this take is going to bring for us. First, Google will invest a lot of time in making people understand how this feature can change their lives, and later, it will solve the problems people will create while adopting it. 

So, your call is to accept or keep moving with the previous one.