Passwords have been a popular method of authentication for decades, but they come with their fair share of problems. Weak passwords are easily cracked, and complex passwords are hard to remember. To address these issues, Google has introduced passkeys – a safer and easier replacement for passwords.
A passkey is a digital credential that is tied to a user account and a website or application. It allows users to authenticate without having to enter a username, password, or provide any additional authentication factor. Passkeys can be created using biometric sensors such as fingerprints or facial recognition, PINs, or patterns. The passkey can then be used to sign in to apps and websites with just a single step, freeing users from the hassle of remembering and managing passwords.
Passkeys provide robust protection against phishing attacks, unlike SMS or app-based one-time passwords. This is because passkeys are standardized, which means a single implementation enables a passwordless experience across different browsers and operating systems.
To use passkeys, users need to have an operating system that supports them. When signing in to a service that uses passkeys, the browser or operating system will help the user select and use the right passkey. To ensure that only the rightful owner can use a passkey, the system will ask them to unlock their device using a biometric sensor, PIN, or pattern.
Passkeys are intended to be used through operating system infrastructure that allows passkey managers to create, backup, and make passkeys available to the applications running on that operating system. On Chrome on Android, passkeys are stored in the Google Password Manager, which synchronizes passkeys between the user’s Android devices that are signed into the same Google account.
One of the most significant advantages of passkeys is that they can be used across devices. For instance, if a passkey is stored on a phone, it can be used to log in to a laptop even if the passkey isn’t synchronized to the laptop, as long as the phone is near the laptop and the user approves the sign-in on the phone. Since passkeys are built on FIDO standards, all browsers can adopt them.
In conclusion, passkeys are the future of authentication. They are safer and easier to use than traditional passwords and provide robust protection against phishing attacks. As passkeys become more widely adopted, users can look forward to a future where they no longer have to remember dozens of passwords or worry about the security of their online accounts.
