Google recently announced passkey support for the Android operating system and the Google Chrome web browser.
If you’re wondering what that means, you’re in the right place. Passkeys are more secure passwords that can be used instead of passwords.Â
You use them instead of traditional passwords to get into your Google, Twitter, Dropbox, or any other digital account.
There is no actual key. To log in, you need to show that you are who you say you are. This is usually done with facial recognition, fingerprint recognition, or just a PIN code.
But it’s not just pressing buttons to switch. Google announced Android Developers Blog because developers need to add passkey support to their apps and websites.
This is a step ahead in the industry toward a future without passwords. You may have noticed that Microsoft is also moving in this direction. Users don’t have to remember passwords; hackers can’t steal them because there aren’t any.
How Passwords Work
“Identifies a particular user account on some online service,” says Google. At the heart of it is a private cryptographic key that is kept on your devices, and this is then compared to a public key that the digital service you’re signing into has, which verifies your identity.
You’ll need to unlock your phone or computer to make sure it’s you. On the phone, this usually means entering a PIN code or letting your face or fingerprints be scanned. You can still use computer passwords to prove who you are, but the industry is moving more and more toward biometric authentication.
You don’t see or need to know the passkey; you have to be you. Your face or fingerprint can now be used instead of a long list of passwords written on a post-it note, which is much easier and more convenient.
Public-key cryptography makes these passkeys useless to bad actors in a data breach without your face or fingerprint. If your laptop or phone is taken, your accounts can’t be accessed because you won’t be there to authenticate.
Google isn’t alone, and the FIDO Alliance and W3C Web Authentication group also strive toward a passwordless future. You may use these systems on any device from Google, Apple, Microsoft, or any other hardware maker.
Set Up Passkey
Passkeys should be as simple as unlocking your phone. Only if your app and device support passkeys may you switch to a passkey system for your accounts.
Let’s imagine Google has finished rolling out passkey support to Android, you’re checking in to an app that uses passkeys, and you’ve replied yes when offered to switch from a password. You’ll then be asked to generate a passkey by unlocking your phone with your face, fingerprint, or PIN. That renders the passkey and verifies the app’s connection to your smartphone. You’ll have to unlock that app again to log in. Like passwords, authentication duration varies: Social media accounts typically require one login per device, whereas banking apps require several logins.
QR codes let you log in to computer sites from your phone. You’ll be logged in to the area after scanning a QR code with your phone and unlocking your phone.
Encrypted synchronization across devices will also be handled—Google Password Manager is adding support for passkeys. If you lose access to one device, you can still access your accounts from another or the cloud if you can provide the necessary authentication.
