The end is nigh for passwords. That’s the outcome Google wants in the near future, at least. And it’s all thanks to passkeys.
Google announced that passkeys are now available for Google accounts, meaning users no longer need to use a password in order to sign in. Instead, all they need is a fingerprint, a face scan or a PIN.
Not only does using passkeys make it easier to sign into websites or apps, it also reduces the risk of phishing attacks, hackers breaking into your account and being locked out of your account because you can’t remember your password.
With passkeys now available on Google accounts, all you need to do it set it up.
How to use passkeys on your Google account
You can create passkeys for your Google account on your phone, tablet and PC. It only takes a minute or two, and you can set it up on all your devices. As Google notes, Android devices automatically create passkeys for you when you sign in to your account.
Here’s a quick guide on creating passkeys.
1. On your device, open a browser and go to g.co/passkeys.
2. Sign in to your Google account using your email and password.
3. On the next page, click the blue button stating Use passkeys.
4. A confirmation message will appear. Click Done.
5. Now press Create a passkey. A pop-up window will appear asking to create a passkey on this device. Press Continue.
6. Depending on the device you use, a sign-in screen with pop up asking for your biometric data (fingerprint, face ID) or PIN for authentication. Punch it in to continue.
7. Your passkey is now created. Press Done.
What are passkeys?
Passkeys are a form of digital identity verification that uses biometric data or PIN to confirm the identity of the user. Instead of inputting a password or confirming through two-factor authentication (2FA), the user can gain access to a device, app or website using a fingerprint, a face scan or a screen lock PIN.
As a push to support a passwordless future created by the FIDO Alliance and the World Wide Web Consortium, Google, Apple and Microsoft are implementing this form of security onto their platforms as a secure alternative to passwords.
As Google states, a passkey uses a cryptographic private key stored on your devices. This private key stays on the device, or your operating system or an app similar to a password manager may sync it to other devices you own. These sync providers, like Google Password Manager or Apple’s iCloud Keychain, use end-to-end encryption to keep the passkey private. Each passkey can only be used for a single account.
Passkeys are only at the beginning stage, and Google understand it will take time for users to move across from passwords. In the meantime, passwords and 2FA sign ins still work for Google accounts and more.
Are passkeys better than passwords?
The short answer: yes (so far).
Because of their ease of use and stronger protection, passkeys are better than passwords. While a strong password makes it hard for threat actors to access your online accounts, if they are known, then an account can be easily compromised. Using phishing attacks such as dodgy scam emails and websites or malware to steal personal information, hackers use all forms of cyberattacks to steal passwords. They can also be exposed in data breaches.
A passkey can only exist on a device. “When you use a passkey to sign in to your Google Account, it proves to Google that you have access to your device and are able to unlock it,” Google states. This means that hackers would need to have your device and your biometric data or PIN in order to access your online accounts, rather than accessing accounts from a different device from another location.
With passkeys still being in their early stages, it’s difficult to know how threat actors will abuse passkeys. That’s why it’s a good idea to have a backup security precaution regardless of the login process you use. Check out the best antivirus software to keep your devices safe.