After nearly a decade of groundwork and a year of announcing support for the same, Google has finally begun rolling out support for the passkeys authentication system, which is claimed to be more secure than standard passwords and even a 2-step verification (2SV). This is a significant step towards a passwordless future, as it reduces the need to remember long and complicated passwords.
What Are Passkeys and How Do They Work?
Passkeys are a new authentication system that is more secure than standard passwords and 2SV. Logging in with passkeys is as simple as using your biometric authentication method, whether that's a fingerprint reader or a face scanner on mobiles or laptops. It can also be authenticated using a regular device lock PIN and with physical authentication keys. Once the passkey has been created, it solely resides in that particular device. Google explains that since passkeys are virtual, they cannot be written down or given to a bad actor, which makes it easier to prevent fraud.
How Do You Use Passkeys?
When logging into a supported website or app from your mobile device or laptop, the passkey checks with your device's biometric system or typed in PIN (lock screen authentication method) to simply verify that it's you who are trying to log in and then logs you in. The biometric data, as per Google, is not shared online or stored in the cloud either, making the entire system quite safe as long as you don't use a simple PIN (0000, 1234) for unlocking your device.
Passkeys Can Be Used As an Additional Method of Authentication
Google claims that passkeys can be used as an additional method of authentication for now. So, it can currently be used alongside regular passwords and 2SV systems well. This also means that the solution works across multiple platforms and browsers, provided they have adopted this standard.
Passkeys Reduce the Need to Use Long and Complicated Passwords
Passkeys basically reduce the need to use long and complicated passwords, which are ideally supposed to be unique for every service or website a user visits. Remembering these is indeed a task given that many of us access a number of websites and apps on a daily basis. Apart from remembering and keeping track of them, standard passwords also need to be changed from time to time for security reasons. Therefore, switching to passkeys sure does seem like a simpler way out, for now.
Passkeys use an authentication system that Google, Microsoft, and Apple helped create several years ago as a part of the FIDO Alliance and the W3C WebAuthn working group. This joint effort ensures that the solution works across multiple platforms and browsers, provided they have adopted this standard.
The introduction of passkeys marks a significant milestone in the shift towards a passwordless future. While it may not be entirely possible to do away with passwords anytime soon, passkeys offer a more secure and convenient alternative for now. As the system gains more support from services and websites, we may soon see the end of the era of remembering and resetting passwords.