Google has taken the first step towards a future without passwords for login. The arrival of passkeys or access keys to all Google accounts will allow access to the platforms without the need to use a password.
While many may have doubts about the security of this new method, the truth is that these are cryptographic keys that offer fully protected authentication. They may even offer better security than passwords or two-step verifications, since passkeys cannot be stolen as is the case with other methods.
What is certain is that this is a revolutionary measure and that it will surely change the way of accessing and logging in, not only in Google, but also for other websites.
According to Andrew Shikiar, director of the FIDO Alliance, this is a turning point for the accelerated adoption of passkeys and a great example for other service providers.
For the time being, the transition will be gradual and access keys or passwords can be used interchangeably. This will give people time to adapt to this new technology, with devices suitable for it. However, at some point it will probably only be possible to log in with passkeys.
What do Google passkeys consist of?
According to Google, passkeys are convenient and more secure alternatives to passwords. In addition to the big search engine company, there are others that also promote the use of passkeys, such as Apple and Microsoft.
Access keys, unlike two-factor authentication or passwords themselves, do not need to store information on websites. It is stored on the user’s own device, either a computer or a mobile device. A biometric method must be configured to enable access to the device, such as fingerprint or facial recognition. This allows providing access when logging into the platforms, since the biometric method verifies that it is the same user.
When the access keys are enabled, two cryptographic keys are created. One is private and stored on the device, and one is public and uploaded to Google. When signing in with the passkeys, Google will ask the device to sign with its private key, which will happen when using the biometric method configured. Google then uses the public key to verify the signature and log in.
Where to use Google passwords?
Devices that support the use of passkeys are those with compatible hardware such as iOS 16 and Android 9. On some platforms, passwords can be synchronized with other devices, for example, via iCloud or password managers.
To activate the access keys, simply log in to Google, sign in and accept the implementation of the access keys. Next, the configured devices and the platforms that can be accessed with the passkeys will be displayed.
In the event that the device on which the password is stored is lost, the login can be revoked through the account settings or the device can be remotely wiped.