In October 2022, Google started adding passkey support to its Android OS and its Chrome web browser, in beta form or, in Chrome's case, on its Canary channel. Today, the day before World Password Day, Google announced it is now rolling out passkey support for signing into your Google account.
In a blog post, Google stated:
Passkeys are a new way to sign in to apps and websites. They’re both easier to use and more secure than passwords, so users no longer need to rely on the names of pets, birthdays or the infamous “password123.” Instead, passkeys let users sign in to apps and sites the same way they unlock their devices: with a fingerprint, a face scan or a screen lock PIN. And, unlike passwords, passkeys are resistant to online attacks like phishing, making them more secure than things like SMS one-time codes.
Passkey support is an option, in addition to regular passwords and 2-step verification, for Google Accounts. You can set up your passkey on your account by visiting this page. Admins who set up Google Accounts for employees will also soon be able to set up passkeys for those workers.
In a post on the Google Security blog, the company goes into much more detail about how passkeys work and how they are more secure than just using passwords. The passkey is stored on your device and not on a server. Google states:
The main ingredient of a passkey is a cryptographic private key – this is what is stored on your devices. When you create one, the corresponding public key is uploaded to Google. When you sign in, we ask your device to sign a unique challenge with the private key. Your device only does so if you approve this, which requires unlocking the device. We then verify the signature with your public key.
If a person loses their device or has it stolen, they can revoke the passkey in their Google account settings. Google recommends having a recovery phone and email on all accounts to make it easier to remotely change their settings.
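The sign-in flow Google describes (public key uploaded at creation, a unique challenge signed on the device after approval, signature verified by the server, key revoked if the device is lost) can be sketched in Node.js. This is an added example, not Google's code and not part of the original article. The function names, the in-memory maps and the user name are assumptions, and it signs the bare challenge, whereas real WebAuthn signs authenticator data plus a hash of client data that includes the challenge and the site's origin.

```javascript
const crypto = require('node:crypto');

// Server-side state, constructed for this example: user -> public key, user -> open challenge.
const publicKeys = new Map();
const pendingChallenges = new Map();

// Device side: create a passkey. The private key stays in the object held by the device.
function createPasskey() {
  const { privateKey, publicKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  return { privateKey, publicKeyPem: publicKey.export({ type: 'spki', format: 'pem' }) };
}

// Server side: only the public key is stored at registration.
function register(user, publicKeyPem) { publicKeys.set(user, publicKeyPem); }

// Server side: issue a fresh random challenge for one sign-in attempt.
function issueChallenge(user) {
  const challenge = crypto.randomBytes(32);
  pendingChallenges.set(user, challenge);
  return challenge;
}

// Device side: sign only if the user approved (device unlock is modelled as a boolean).
function deviceSign(passkey, challenge, userApproved) {
  if (!userApproved) return null;
  return crypto.sign('sha256', challenge, passkey.privateKey);
}

// Server side: verify against the challenge we issued, then discard that challenge.
function verifySignIn(user, signature) {
  const challenge = pendingChallenges.get(user);
  const publicKeyPem = publicKeys.get(user);
  pendingChallenges.delete(user); // single use: a captured signature cannot be replayed
  if (!challenge || !publicKeyPem || !signature) return false;
  return crypto.verify('sha256', challenge, publicKeyPem, signature);
}

// Server side: revoking a lost device's passkey removes its public key.
function revoke(user) { publicKeys.delete(user); }

// Demo run with a constructed user name.
const demoKey = createPasskey();
register('demo-user', demoKey.publicKeyPem);
const demoSig = deviceSign(demoKey, issueChallenge('demo-user'), true);
console.log('first sign-in accepted:', verifySignIn('demo-user', demoSig));
console.log('replayed signature accepted:', verifySignIn('demo-user', demoSig));
```

Because the server holds only public keys, a dump of `publicKeys` gives an attacker nothing to sign in with, which is the difference from a leaked password database.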