Google adds passkeys support for passwordless sign-in on all accounts


Google is rolling out support for passkeys for Google Accounts across all services and platforms, allowing users to sign into their Google accounts without entering a password or using 2-Step Verification (2SV) when logging in.

“We’ve begun rolling out support for passkeys across Google Accounts on all major platforms. This means users can now take advantage of passkeys across Google Services for a passwordless sign-in experience,” said Google product managers Christiaan Brand and Sriram Karra.

Passkeys are linked to each device (computers, tablets, or smartphones) where they’ve been added to the account and work locally by unlocking via PIN or screen lock biometrics (fingerprints or face identification).

They significantly decrease the risk of data breaches affecting other accounts and protect against phishing attacks that can’t use them to hijack accounts.

They provide a more secure and convenient alternative to passwords enabling you to use biometric sensors (e.g., fingerprint scanners, facial recognition), PINs, or patterns to sign in to websites and apps, eliminating the need to remember and manage passwords.

“This signature proves to us that the device is yours since it has the private key, that you were there to unlock it, and that you are actually trying to sign in to Google and not some intermediary phishing site,” Google’s Arnar Birgisson and Diana K Smetters said.

“The only data shared with Google for this to work is the public key and the signature. Neither contains any information about your biometrics.”

For now, passkeys will be just another Google signing-in option to ensure that you have a fallback method and can log in using a password when you don’t have access to your device or if it doesn’t support passkeys.

Passkeys are securely backed up and synced to the cloud to prevent lockouts if you lose the device they were generated on and make upgrading to new devices easier. This works across all major web browsers and platforms (e.g., Windows, macOS, iOS, and ChromeOS).

For instance, if you create a passkey on your iPhone, it will be available on your other Apple devices signed in to the same iCloud account, with the same passwordless experience.

Signing into a Google account with a passkey
Signing into a Google account with a passkey (Google)

Part of a passwordless push that started years ago

Today’s announcement follows the introduction of passkey support to the Chrome web browser and the Android operating system in October 2022.

Both movers are part of a much broader effort to speed up the adoption of passkeys and come on the heels of a May 2022 joint announcement of plans to support them as a passwordless sign-in standard developed by the World Wide Web Consortium (W3C) and the FIDO Alliance.

Microsoft and Apple also pledged their support for passkeys in May 2022, making the new Web Authentication (WebAuthn) credentials (aka FIDO credentials) the standard way to log into accounts without a password across three tech giants’ platforms.

Google, Microsoft, and Mozilla have backed up WebAuthn since April 2018, when they announced plans to support the new API inside the Chrome, Edge, and Firefox web browsers.

Transitioning away from password-based authentication will enhance online security, as passwords are the most frequent target of attackers trying to hijack online identities.

“While we encourage users to try out the convenience and security of passkeys, other methods like passwords and 2SV will still work across Google Accounts,” said Brand and Karra.

“For Google Workspace accounts, administrators will soon have the option to enable passkeys for their end-users during sign-in.”



Source link