Passkeys – It’s Starting

GOOGLE IS ANNOUNCING a major effort to let its personal account holders log in with the password replacement known as “passkeys.” The feature launches today for the company's billions of accounts, and users will be able to proactively seek it out and turn it on. Google says it plans to promote passkeys in the coming months and start nudging account holders to convert their traditional username and password login to a passkey.

Password-based authentication has been standard across the internet (and computing in general) for decades, but the system has serious security issues, namely that attackers can steal your password or trick you into giving it to them in phishing attacks. The passkey scheme is specifically designed to address phishing attacks by relying on a different model that uses cryptographic keys stored on your devices for account authentication.

In the year since the industry association known as the FIDO Alliance began publicly promoting the rollout of passkeys, the makers of the world's biggest consumer operating systems—Microsoft, Google, and Apple—have launched the necessary infrastructure to support passkeys. But if you still have never used a passkey in your daily life, you're far from alone.

The next step toward passkey adoption is for services to actually offer passkeys as a login option for user accounts. So far, companies like PayPal, Shopify, CVS Health, Kayak, and Hyatt have taken the plunge. Today's launch of passkeys for Google’s users is noteworthy given the company's resources and sheer scale.

“It's very, very significant,” says Andrew Shikiar, executive director of the FIDO Alliance. “It's an inflection point. A company like Google enabling this with so many people actually seeing passkey sign-ins, they’ll be more likely to use them elsewhere. And it will also accelerate other companies’ deployment plans and help them deploy better, because we will learn from this as a body."

You can log in with passkeys using biometric sensors like fingerprint or face scanners, your smartphone's device lock PIN, or physical authentication dongles like YubiKeys. To transition your Google account, you'll navigate to this link, log in with your username, password, and any additional authentication factors you have set up, and then click “+ Create a passkey” on the device you're using.

Warning: Undefined variable $postId in /home/customer/www/ : eval()'d code on line 6

Leave a Comment