Google has announced that users can now create passkeys, which can be considered the next step toward a password-free future. A passkey is a digital credential that is associated with a user account and a website or application.
Passwords will soon be added to personal Google accounts on all major platforms. Beginning on 3 May, Google will no longer request your password or 2-Step Verification (2SV) when you sign in with a passkey.
Google, Apple, Microsoft, and other tech companies aligned with the FIDO Alliance have promoted the use of passkeys.
Why is a passkey superior to a password?
Passkeys are a more practical and secure alternative to passwords and other 2-step verification methods. This authentication method is compatible with all devices with registered passkeys.
Users can sign in by authenticating their computer or mobile device with a fingerprint, face recognition, or a PIN.
Passwords can be problematic for some individuals. First, choosing and remembering secure passwords for multiple accounts can be difficult. Moreover, with the rise of cybercrime, individuals are frequently duped into divulging credentials that frequently result in financial losses.
When it comes to 2-step verification, the process is beneficial, but “again burdens the user with additional, unwanted friction” and “still does not provide complete protection against phishing attacks and targeted attacks such as ‘SIM swaps’ for SMS verification.” Passwords solve all of these problems.
“Passkeys, unlike passwords, can only exist on your devices. They cannot be written down or given to a bad actor by error. “Using a passkey to sign in to your Google Account demonstrates to Google that you have access to your device and can unlock it,” Google explained in a blog post.
What must end-users do?
No action is required from users; they can change this setting at any time by deselecting Skip password when feasible on the security page of their Google Account.