Google users can now create and use passkeys instead of the traditional password or 2-step verification (2SV) to sign into their personal Google Account.
In a blog post on the company website, Google announced that it had introduced passkeys as a more convenient and safer alternative to passwords. It said the feature would be available on all major platforms and browsers, allowing users to sign in by unlocking their computer or mobile device with their fingerprint, face recognition or a local PIN.
‘Using passwords puts a lot of responsibility on users. Choosing strong passwords and remembering them across various accounts can be hard,” the company said.
It added: “In addition, even the most savvy users are often misled into giving them up during phishing attempts. 2SV (2FA/MFA) helps, but again puts strain on the user with additional, unwanted friction and still doesn’t fully protect against phishing attacks and targeted attacks like “SIM swaps” for SMS verification. Passkeys help address all these issues.”
According to the tech giant it will take time for the feature to be rolled out across a full range of devices. In the meantime, it will still be possible for users to sign-in via existing methods such as the password on devices that do not yet support passkeys.
Why is it safer?
One of the key reasons why the passkey is seen as a safer method of sign in is because the passkey itself is stored on the user’s local computer or mobile device, which asks the user for screen lock biometrics or PIN to confirm it’s really them. Biometric data cannot be shared with Google or any other third party as unlike passwords, passkeys can only exist on the device itself. For example, a passkey cannot be written down or accidentally given to a bad actor.
Google further stated in the post: “This is stronger protection than most 2SV (2FA/MFA) methods offer today, which is why we allow you to skip not only the password but also 2SV when you use a passkey.”
It added: “Today’s launch is a big step in a cross-industry effort that we helped start more than 10 years ago, and we are committed to passkeys as the future of secure sign-in, for everyone. We hope that other web and app developers adopt passkeys and are able to use our deployment as a model.”