These days we use various social media and websites, and creating different passwords and remembering all of them is a pain. And even if you manage to remember all of those passwords, or you use a password manager, hackers can still get your passwords by phishing.
Don’t worry: Google, the FIDO Alliance, and the W3C Web Authentication Group are busy working towards a passwordless future, and this method can be applied to any gadget, no matter who its manufacturer is (Google, Apple, Microsoft, etc.).
Passkey support is coming for both Android and Chrome
Google recently announced that passkey support is coming to both the Android operating system and the Google Chrome web browser—and if you’re wondering what that really means, you’re in the right place. Passkeys are essentially a replacement for passwords that are designed to be more secure. You use them instead of traditional passwords to log into your various digital accounts, whether it’s Google, Twitter, or anything else.
You don’t get the actual key. Instead, some sort of unlocking mechanism (typically facial recognition or fingerprint recognition, or just a PIN code) verifies your identity during the login process.
However, it’s not just a matter of pressing a button and switching. Developers will also have to code passkey support into their apps and websites, which is why Google announced this on its Android Developers Blog.
This is part of a broader industry initiative under which passwords won’t be needed in the future. You may have noticed Microsoft doing something similar. Users do not have to remember passwords, and there is no password for hackers to steal.
How do Passkeys work?
As Google says, a passkey “identifies a particular user account on some online service.” At the center of this is a cryptographic private key that gets stored on the devices you use. This is then matched to the public key held by the digital services you are signing into to confirm your identity.
To make sure it’s really you, you’ll need to unlock your phone or computer, which usually means entering a PIN code on the phone or letting it scan your face or fingerprint. On computers, passwords can still be used to verify your identity, but the industry is moving towards biometric authentication all the time.
You don’t really see the passkey yourself or need to know what it is – you just have to be yourself. A face or fingerprint replaces a long list of passwords on a Post-it note, making it much simpler and more convenient.
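To make the matching of private and public key concrete, here is an added example (not code from Google or from this article) that models a passkey login in Node.js. It is a simplified model rather than the real WebAuthn message format; the `Service` class, the function names and the `shop.example` origins are assumptions made up for illustration. It goes slightly beyond the text by also signing a one-time challenge and the site origin, which is why a login relayed through a phishing page is rejected.

```javascript
// Simplified model of a passkey login (not the real WebAuthn wire format).
// All names and origins are constructed for illustration.
const crypto = require('node:crypto');

// Device side: the private key stays on the device; only publicKey is sent out.
function createPasskey() {
  return crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
}

// Device side: signs only after the local unlock (PIN, face, fingerprint) succeeds.
// The browser, not the web page, supplies the origin that gets signed.
function signLogin(privateKey, challenge, origin, userVerified) {
  if (!userVerified) throw new Error('device unlock failed');
  const clientData = Buffer.from(JSON.stringify({ challenge, origin }));
  return { clientData, signature: crypto.sign('sha256', clientData, privateKey) };
}

// Service side: stores public keys and outstanding one-time challenges, no secrets.
class Service {
  constructor(origin) { this.origin = origin; this.keys = new Map(); this.pending = new Set(); }
  register(user, publicKey) { this.keys.set(user, publicKey); }
  newChallenge() {
    const c = crypto.randomBytes(32).toString('base64url');
    this.pending.add(c);
    return c;
  }
  verify(user, { clientData, signature }) {
    const key = this.keys.get(user);
    if (!key || !crypto.verify('sha256', clientData, key, signature)) return 'bad-signature';
    const { challenge, origin } = JSON.parse(clientData.toString());
    if (origin !== this.origin) return 'wrong-origin';             // signed for a look-alike site
    if (!this.pending.delete(challenge)) return 'stale-challenge'; // replayed or never issued
    return 'ok';
  }
}

function demo() {
  const device = createPasskey();
  const site = new Service('https://shop.example');
  site.register('alice', device.publicKey);
  const good = signLogin(device.privateKey, site.newChallenge(), 'https://shop.example', true);
  // A phishing page relays a real challenge, but the browser signs the page's true origin.
  const phished = signLogin(device.privateKey, site.newChallenge(), 'https://shop-login.example', true);
  // Genuine login, the same response replayed, then the phished response.
  return [site.verify('alice', good), site.verify('alice', good), site.verify('alice', phished)];
}
```

A database leak at the service in this model exposes only public keys, which cannot be used to produce a valid signature.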
Benefits of using Passkeys
Since these keys use public-key cryptography, if they’re compromised, bad actors won’t be able to use them without your Face ID or fingerprints. Likewise, if your laptop or phone is stolen, your accounts can’t be accessed because you won’t be around to provide the necessary authentication.
Setting Up and Using Passkeys
Passkeys are as simple to use as unlocking your phone; they aim to be as straightforward as possible. You’ll be able to choose to move to a passkey system for your accounts. However, you’ll need to make sure the app you’re logging into and the device you’re using have been upgraded with passkey support.
Assume Google has finished rolling out passkey support for Android, you’re logging into an app that’s been updated to use passkeys, and, when asked if you would like to switch from a standard password, you have said yes. You’ll then be asked to create a passkey, which requires you to do the same actions you would to unlock your phone: show your face, press your fingerprint, or enter a PIN.
This will generate the passkey and authenticate the link between the app in question and your handheld device. In the future whenever you need to log in to that app, you will have to go through the same unlock process. Like passwords, how long this authentication lasts will vary: With your banking app, you’ll usually have to log in every time, whereas with a social media account one login per device is often sufficient.
You’ll also be able to log into sites on your computer through your phone via the magic of a QR code, much like the one you may have used to log in to Discord or Binance on your desktop. The site will display a QR code that you scan with your phone. Once you’ve gone through the unlock process on your mobile device, your identity will be confirmed and you’ll be logged into the site.
Encrypted synchronization across devices will also be handled. Passkeys are being supported in Google Password Manager, for instance, so even if you lose access to one device, you can still retrieve your accounts from another or from the cloud, as long as you can provide the required authentication (and your fingerprints or face haven’t changed in the meantime).