Nearly five months after integrating passkey support into its Chrome browser, the tech giant has started implementing the password-free option for all Google Accounts across all platforms. This enables users to sign into their Google accounts without having to input a password or utilize 2-Step Verification (2SV).
The FIDO Alliance-supported Passkeys are a more private alternative to using a regular password to sign in to apps and websites. This can then be done by merely using their biometrics (for example, fingerprint or facial recognition) or a personal identification number (PIN) to unlock their computer or mobile device.
Potential Applications of Passwordless Authentication Beyond Google Accounts
Google employs passwordless authentication for more than only its accounts. The tech giant has long advocated for the adoption of authentication techniques that do not rely on conventional passwords.
The action is a part of Google’s wider effort to enhance online security and lessen the dangers of using weak passwords. Passwordless authentication relies on techniques other than passwords to confirm a user’s identity, such as biometric identification or cryptographic keys.
Specifically in the context of internet security, this kind of approach has tremendous potential advantages. Hacking, phishing, and other cyberattacks frequently target traditional passwords. Passwordless authentication can assist in lowering these risks and delivering a more secure online experience by employing alternative techniques.
A wide range of users, including companies, governments, and individual consumers, are likely to be interested in Google’s plans to increase the use of passwordless authentication. With a number of collaborators, the company has already started to develop and promote the use of passwordless authentication techniques.
Although the technology is still in the early stages, passwordless authentication has a wide range of potential uses. Anticipating this new development, it will cause a big increase in online security and a decline in the hazards connected with using weak passwords as more companies and users.
Push Towards Passwordless Authentication
Google’s most recent action is a part of a larger campaign for password-free authentication that started several years ago.
The company’s Advanced Protection Program, which offers users improved security measures such as requiring two-factor authentication and the use of physical security keys, was announced in October 2017.
Passkeys, as opposed to standard passwords, provide a more secure and practical method of logging in, further demonstrating the advantages of passwordless authentication.
Passkeys give an extra degree of protection by requiring physical interaction with the device, making them less vulnerable to hacking and phishing assaults.
Google added passkey functionality to the Android operating system and Chrome in October 2022, and this news continues that trend.
These actions were accelerated by a joint announcement made in May 2022 by the World Wide Web Consortium (W3C) and the FIDO Alliance to support passkeys as a passwordless sign-in standard. They are part of a bigger initiative to speed up the adoption of passkeys.
Also, the commitment to support passkeys made by Microsoft and Apple in May 2022 made Web Authentication (WebAuthn) credentials the norm for signing into accounts without passwords across the platforms of the three technology giants.
Since they made their plans public in April 2018 to include the new API in their respective Chrome, Edge, and Firefox web browsers, Google, Microsoft, and Mozilla have supported WebAuthn.
Since passwords are the main method used by attackers to sabotage online identities, abandoning password-based authentication will increase online security.
Learning More About Passkeys
These are types of two-factor authentication (2FA) that verifies a user’s identity using a physical security key or a gadget such as a smartphone or ipad.
- Users can first sign in to their own Google accounts from any computer or phone, including public or shared computers, by using their passkey rather than a password.
- Users must have a compatible device and sign up for Google’s Advanced Protection Program in order to set up a passkey.
- Once signed up, they are able to add their passkey to their Google account and use it to sign in without entering a password.
- In order to confirm a user’s identity, passkeys use public-key cryptography, which uses two keys—a public key and a private key.
- The user’s device stores the private key, which is required to access their Google account. The user’s identity is confirmed using the shared public key with Google.
- Compared to conventional passwords, which are vulnerable to phishing and hacking attacks, passkeys have quite a number of positives.
- Passkeys are less susceptible to hacking since they are stored on a physical device rather than a server, making them more secure.
- Passkeys also withstand phishing attempts since they need to be physically entered into the device.
- Google provides several 2FA options in addition to passkeys, including the Google Authenticator app and SMS verification.
- Passkeys, on the other hand, provide a more practical and safe alternative to using passwords to sign in to Google accounts.
- The signature verifies the owner of the device by showing the presence of the private key, authenticating the user’s identity through their physical presence to unlock it, and confirming that the user is attempting to sign in to Google and not a fraudulent phishing website, stated by Arnar Birgisson and Diana K Smetters of Google.
- Google’s continued efforts to strengthen online security and defend users from cyber attacks include the deployment of passkeys.
- Google offers a passwordless sign-in option to give its users an extra measure of protection and convenience.
Conclusion
Google has taken a big step in its continuous mission to strengthen internet security and reduce the hazards associated with using weak passwords by introducing passwordless authentication for its accounts. Passwordless authentication is a step in a bigger drive to strengthen internet security and protect consumers from cyberattacks, which began several years ago.
In comparison to traditional passwords, passkeys offer a more secure and convenient method of logging in because they use physical keys or devices like smartphones to confirm a user’s identity. Beyond Google accounts, passwordless authentication has potential uses. Many users, including businesses and governments, are likely to be intrigued by this method of online security. The hazards associated with using weak passwords are projected to lessen as more businesses and individuals use passwordless authentication, leading to an improved online community.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.