Explained: What are passkeys and how Google wants to be free of passwords – Times of India
What are passkeys?
According to Google, a passkey is a digital credential, which is directly tied to a user account and a website or application. With passkeys, users will not have to enter any sort of username, password or even use additional authentication factor. Google believes that passkeys are a safer and easier replacement for passwords. With passkeys, users can sign in to apps and websites with a biometric sensor (such as a fingerprint or facial recognition), PIN, or pattern, freeing them from having to remember and manage passwords. Further, Google says that the user experience can be “as simple as autofilling a password form.”
How to create a passkey?
For a passkey to work for any website or app, a user first must register with that website or application. The next time when users return to the website or app to sign in, they can take the following steps:
- Go to the application.
- Click Sign in.
- Select their passkey.
- Use the device screen unlock to complete the login.
Do keep in mind that Google is making this technology available for developers and it will take sometime before it reaches users.
How do passkeys work?
The best thing about passkeys is that they aren’t restricted to any particular operating system, say Android or iOS. Passkeys stored on phones can be used when logging into a laptop, even if the passkey is not synchronized to the laptop. For this to work, the phone has to be near the laptop and the user has to approve the sign-in on the phone.
Google explains this with the help of an example. Google explains how this’ll work. “For example, a user visits any website on their Chromebook. This user has previously logged into the same site on their iOS device and generated a passkey. On the Chromebook, the user chooses to sign in with a passkey from another device. The two devices will connect and the user will be prompted to approve the use of their passkey on the iOS device, e.g. with FaceID.”
On Chrome on Android, passkeys are stored in the Google Password Manager, which then “synchronises passkeys between the user’s Android devices that are signed into the same Google account,” explained Google.
How secure will passkeys be?
Very secure, as per Google, as it says passkeys provide robust protection against phishing attacks, unlike SMS or an app based one-time passwords. “Since passkeys are standardised, a single implementation enables a passwordless experience across different browsers and operating systems,” said Google in a blog post. Further, passkeys use public key cryptography which reduces the threat of potential data breaches. When a user creates a passkey with a site or application, this generates a public–private key pair on the user’s device. “Only the public key is stored by the site, but this alone is useless to an attacker. An attacker cannot derive the user’s private key from the data stored on the server, which is required to complete authentication,” explains Google.
For all the latest Technology News Click Here
For the latest news and updates, follow us on Google News.