Google has announced that passkeys are now the default login method for users of its platform.
This is the latest move since Google announced support for password-free standards for accounts across platforms. Passkey is a solution backed by the FIDO Alliance that makes it more secure to log in to apps and websites without using a traditional password. This can be achieved by simply unlocking the user’s computer or mobile device using biometric technology (fingerprint or facial recognition) or a PIN code.
Google says the next time a user logs into their account, they’ll start seeing a prompt to create and use a passkey, helping to simplify future logins. It also means they’ll see the ‘skip password’ option enabled in their Google Account settings.
Passkey is a login mechanism that leverages public key cryptography to authenticate user access to websites and applications, with the private key stored securely in the device and the public key stored in the server.
Each passkey is unique and associated with a specific username and service, meaning users will have at least as many passkeys as they have accounts. In fact, they will have multiple passkeys for each account, because a passkey only works within the limits of the same platform. That means users can have a passkey for each website on each of Android, iOS, macOS, and Windows.
When logging into a website or application that supports passkeys, a random code is generated and sent to the user's device. After the user verifies with their biometric or PIN, the device signs the code with the private key and sends it back to the server, which checks the signature against the stored public key.
The benefit of passkeys is that they not only reduce the hassle of remembering passwords but also have anti-phishing capabilities, thereby protecting users from today’s popular account takeover attacks.
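
The login exchange described above, as an added example that is not code from Google or the FIDO Alliance: a simplified Node.js model, not the real WebAuthn API. The origin check, the sample origins and every function name are assumptions made for illustration; the model shows why a replayed response, or one produced on a look-alike site, is rejected.

```javascript
// Simplified model of a passkey login; illustrative names, not the real WebAuthn API.
const crypto = require('node:crypto');
const EXPECTED_ORIGIN = 'https://accounts.example'; // constructed sample origin

// Registration: the device keeps the private key, the server stores the public key.
function createPasskey() {
  return crypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' }); // P-256
}

class Server {
  constructor(publicKey) {
    this.publicKey = publicKey;
    this.pending = new Set(); // challenges issued but not yet used
  }
  // Step 1: issue a fresh random code (challenge) for this login attempt.
  newChallenge() {
    const challenge = crypto.randomBytes(32).toString('hex');
    this.pending.add(challenge);
    return challenge;
  }
  // Step 3: accept only a valid signature over a challenge we issued, from our origin.
  verify({ clientData, signature }) {
    const { challenge, origin } = JSON.parse(clientData);
    if (!this.pending.delete(challenge)) return 'unknown-or-replayed-challenge';
    if (origin !== EXPECTED_ORIGIN) return 'wrong-origin';
    const ok = crypto.verify('sha256', Buffer.from(clientData), this.publicKey, signature);
    return ok ? 'ok' : 'bad-signature';
  }
}

// Step 2: after the biometric/PIN unlock (a boolean here), the device signs the
// challenge together with the origin the browser is actually visiting.
function deviceSign(privateKey, challenge, visitedOrigin, userVerified) {
  if (!userVerified) throw new Error('user verification failed');
  const clientData = JSON.stringify({ challenge, origin: visitedOrigin });
  return { clientData, signature: crypto.sign('sha256', Buffer.from(clientData), privateKey) };
}

function demo() {
  const { publicKey, privateKey } = createPasskey();
  const server = new Server(publicKey);
  const good = deviceSign(privateKey, server.newChallenge(), EXPECTED_ORIGIN, true);
  const first = server.verify(good);
  const replay = server.verify(good); // same response submitted twice
  const lookalike = 'https://accounts.example.login.test'; // constructed
  const phished = server.verify(deviceSign(privateKey, server.newChallenge(), lookalike, true));
  return { first, replay, phished };
}

console.log(demo());
```

The server never holds a secret that can be typed into a fake page: a stolen response is tied to one challenge and one origin, so it cannot be reused elsewhere.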