Passwords are annoying, entering verification codes is annoying. And none of this is really secure either – keyword phishing. But what alternatives are there that are convenient and yet safe?
Google has enabled passwordless sign-in for all of its users’ accounts. The procedure is called Passkeys, is based on the security standard Fido 2 and should not be undermined by phishing attacks.
What are Google Passkeys?
The heart of the passwordless login is the so-called public-key cryptography with two key pairs. A private key is stored by the user. The other, public key is held by the service provider, in this case Google.
The login by the user is then secured again by means of a fingerprint or face scan or by entering a PIN, as is known from online banking, for example.
The passkeys procedure must be in the Google account settings activated become. In addition, the browser and, if applicable, the operating system must also support passkeys.
Read more: Apple, Google and Microsoft want to revolutionize login
Chrome can passkeys
Google has implemented this support for its Chrome browser for some time. The same applies to Android (from version 9), where the passkeys can be saved in the Google password manager. The manager also offers a backup function for passkeys and their synchronization with other Android devices.
As long as you’re using a Chrome browser, you can even use passkeys to log in on any device if you select “With another device” when logging in. Then you only have to scan a QR code with the smartphone on which the passkeys are available and you can then save the computer permanently to release registrations with the smartphone.
Microsoft and Apple are also on board
Passkeys support also comes from Microsoft for Windows and from Apple for macOS and iOS. Here it is interaction for logging into the Google account – but also overall – a bit more complex.
For example, passkeys created on iOS devices or in Safari on macOS are stored in iCloud Keychain. Chrome on Windows stores passkeys in Windows Hello. And, as already mentioned, passkeys created in Chrome on Android end up in the Google password manager.
At some point, however, passkeys should be able to synchronize across devices and systems without any problems. Google even promises that Android users will also be able to use third-party apps to manage passkeys in the future, as is known from password manager applications, for example.
The development is not finished yet
However, the supported environments are still under development. What is possible and what is not yet is explained in detail Google developer page.
It may be some time before developments are complete and passkeys have become established. Google is also aware of this and initially only offers passkeys for Google accounts as an option.
Normal passwords and the well-known two-factor authentication (2FA) can still be used.