Google makes passkeys the default sign-in for personal accounts

Google makes passkeys the default sign-in for personal accounts

Google announced today that passkeys are now the default sign-in option across all personal Google Accounts across its services and platforms.

After setting up a passkey linked to their device, users can sign into their Google accounts without entering a password or using 2-Step Verification (2SV) when logging in.

“We’ve received really positive feedback from our users, so today we’re making passkeys even more accessible by offering them as the default option across personal Google Accounts,” said Google product managers Christiaan Brand and Sriram Karra.

“This means the next time you sign in to your account, you’ll start seeing prompts to create and use passkeys, simplifying your future sign-ins. It also means you’ll see the ‘skip password when possible’ option toggled on in your Google Account settings.”

To create a passkey using your device right now, go here, sign into your Google account, and click the “Get passkeys” button.

Passkeys are tied to specific devices, such as computers, tablets, and smartphones, where they have been registered with an account.

They work locally, offer a more secure and convenient alternative to traditional passwords, and enable the use of biometric sensors like fingerprint scanners and facial recognition, along with PINs, hardware security keys, or screen lock patterns, to access websites, online services, and apps.

Using passkeys significantly reduces the risk of data breaches impacting other accounts and protects against phishing attacks, as they cannot be exploited to hijack accounts. They also eliminate the need to remember and manage passwords, improving security and ease of use.

Passkeys are securely stored and synchronized in the cloud to prevent lockouts in the event of device loss and facilitate seamless transitions to new devices. This functionality is compatible with all major web browsers and platforms, including Windows, macOS, iOS, and ChromeOS.

Passwordless push started years ago

Today’s announcement follows the company introducing support for passwordless sign-in on all Google accounts in May. Google also introduced passkey support to the Android operating system and its Chrome web browser in October 2022.

Microsoft, Apple, and Google revealed their commitment to endorsing passkeys as a universal standard for passwordless sign-ins in May 2022.

As a result of this collaboration, Web Authentication (WebAuthn) credentials, also known as FIDO credentials, have become the established method for logging into accounts without relying on passwords across the three tech giants’ platforms.

Support for the WebAuthn standard dates back to April 2018, when Google, Microsoft, and Mozilla announced plans to integrate the new API into their respective Chrome, Edge, and Firefox web browsers.

“Of course, like any new beginning, the change to passkeys will take time. That’s why passwords and 2SV will still work for Google Accounts,” said Brand and Karra in May.

“We’ll keep you updated on where else you can start using passkeys across other online accounts. In the meantime, we’ll continue encouraging the industry to make the pivot to passkeys — making passwords a rarity, and eventually obsolete,” they added today.



Source link

About Cybernoz

Security researcher and threat analyst with expertise in malware analysis and incident response.