After nearly a decade of groundwork and a year of announcing support for the same, Google has finally begun rolling out support for the passkeys authentication system, that it claims is more secure than standard passwords and even a 2-step verification (2SV). Apple, Google, and Microsoft, a year ago, together announced that they would begin supporting the same passwordless technology that would greatly benefit users across all major platforms when it comes to security. However, this is just the first step as the system needs to be implemented by services as well.
Logging in with passkeys is as simple as using your biometric authentication method, whether that’s a fingerprint reader or a face scanner on mobiles or laptops. It can also be authenticated using a regular device lock PIN and with physical authentication keys. Once the passkey has been created it solely resides in that particular device. Google explains that since passkeys are virtual, they cannot be written down or given to a bad actor, which makes it easier to prevent fraud.
When logging into a supported website or app from your mobile device or laptop, the passkey checks with your device’s biometric system or typed in PIN (lock screen authentication method) to simply verify that it’s you who are trying to log in and then logs you in . The biometric data as per Google is not shared online or stored in the cloud either, making the entire system quite safe as long as you don’t use a simple PIN (0000, 1234) for unlocking your device.
Google claims that passkeys can be used as an additional method of authentication for now. So, it can currently be used alongside regular passwords and 2SV systems as well.
Passkeys basically reduce the need to use long and complicated passwords, which are ideally supposed to be unique for every service or website a user visits. Remembering these is indeed a task given that many of us access number of websites and apps on a daily basis. Apart from remembering and keeping a track of them, standard passwords also need to be changed from time to time for security reasons. Therefore, switching to passkeys sure does seem like a simpler way out, for now.
Passkeys uses an authentication system that Google, Microsoft and apple helped create several years ago as a part of the FIDO Alliance and the W3C WebAuthn working group. This also means that the solution works across multiple platforms and browsers, provided they have adopted this standard.