The number of cybercrimes, phishing scams, and account hacking cases has risen in the last few years, and so has the need to protect passwords. It leads us to a question – What’s the best way to secure your passwords from hackers and cybercriminals?
Go passwordless!
Yes, you read it correctly. Google, Apple, Microsoft and a few other companies have long been working to make a passwordless future for all Internet users. Interestingly, today on May 3, 2023, Google has rolled out passkeys for Google Accounts across all major platforms.
In other words, Google users now have the option to use passkeys instead of traditional passwords and two-step verification codes when logging into their Google accounts.
Instead of relying on a memorized string of characters, passkeys use a physical device such as a smartphone or a security key to verify the user’s identity.
Google going passwordless announcement came exactly a year after the search engine giant, along with Apple and Microsoft, extended their support for a common passwordless sign-in standard created by the FIDO Alliance (Fast IDentity Online) and the World Wide Web Consortium.
This year so far, various companies, including Kayak, PayPal, Shopify, and Yahoo! Japan, have introduced passkey functionality to their apps, enabling their users to enjoy a streamlined and hassle-free sign-in experience.
What are passkeys and how will they work?
Passkeys are a new method of signing in to apps and websites that provide a superior user experience and greater security than traditional passwords. Users can now eliminate the need to remember complex passwords containing caps and small letters, numbers and special characters.
Passkeys, on the other hand, allow users to sign into their Google accounts using fingerprint or face recognition or screen lock PIN. These passkeys are highly resistant to online attacks such as phishing, which makes them a more secure option compared to other high-security measures such as OTPs.
Now the question arises, how to sign in to your Google account using a passkey instead of a password?
To create passkeys, you must be using:
- A laptop or desktop with at least Windows 10, macOS Ventura, or ChromeOS 109 installed.
- A mobile device has iOS 16 or later or Android 9 or later version installed
- A hardware security key that supports the FIDO2 protocol
- Having a compatible web browser – Chrome 109 or up, Safari 16 or up, Edge 109 or up – on your PC or mobile device is a must.
To create passkeys, you should follow the steps:
- Visit this Google page to activate passkeys.
- Tap Create a passkey and Continue.
- Follow the instructions
- To complete the creation of your passkey, you may be required to unlock your device.
Are Google passkeys really secure?
Now we know all the advantages of having a passkey to safeguard your Google accounts. But are there any disadvantages of passkey as well? How easily can a hacker hack your Google account secured with a passkey set on it?
Let’s find out.
Google advises everyone to create passkeys only on devices that they personally control. This is mainly because if you create a passkey on a device, even if you log out of your Google Account, anyone who can unlock that device will be able to access your Google Account with the passkey.
To solve this problem, Google made these passkeys compatible only with personal accounts. Therefore, if you have a Google Workspace account provided by your school/college or office employer, you will not be able to use passkeys to sign in at this time.
While passkeys do provide an extra layer of security, they are not infallible. As with any security measure, there is always a risk of exploitation or compromise. For example, if an attacker gains physical access to the user’s security key, they may be able to bypass the passkey authentication and access the user’s account. Additionally, passkeys may not be suitable for all users, particularly those who have difficulty keeping track of physical devices or do not have access to compatible devices.
It’s important to note that passkeys are not intended to be a replacement for all passwords. Instead, they are designed to provide an additional layer of security for high-value accounts or sensitive data. As with any security measure, it’s important for users to follow best practices such as keeping their devices secure, using strong and unique passphrases, and regularly monitoring their accounts for suspicious activity.
Therefore, despite introducing the passkey option, the problem of dealing with multiple passwords for internet users having multiple accounts hasn’t got a permanent solution yet. Passkeys are currently giving you partial relief and you would still need to safeguard your non-personal accounts with passwords.
But, the Google passkeys option may soon be available for all types of accounts with added security functionalities. Undoubtedly, passkeys are just the beginning and it’s the dawn of the password-less future.
