in

Google now lets you sign in with a passkey instead of a password

screenshot by Lance Whitney/ZDNET

We all hate passwords — creating them, remembering them, storing them, and using them. Now Google has taken a major step toward a passwordless future, one that instead relies on passkeys. As of today, you can now log into any of your Google accounts using a passkey, which authenticates you via a facial or fingerprint scan or PIN instead of a password.

Also: The best password managers to easily maintain your logins

After adding and setting up a passkey, you’re then able to sign into and manage your Google account on any device. But rather than having to grapple with a password, you can more easily use one of the biometric methods or a PIN, the same way you would unlock your computer or mobile phone. And by enabling a passkey, Google will no longer ask for your password or even your two-step verification code when you sign in.

With the passkey stored locally on your device, the data used to authenticate you isn’t shared with Google or other parties and is considered not only more seamless but more secure than a traditional password. As such, passkeys are most resistant to phishing tactics, brute force attacks, and other security threats aimed at obtaining your credentials.

Also: The best security keys you can buy (and how they work)

The latest passkey standard is the brainchild of the FIDO Alliance, a group comprised of tech companies like Google, Apple, and Microsoft. In 2022, the alliance announced its passkey initiative aimed at a passwordless future. Though totally eliminating passwords is a process that will take years, Google’s support of passkeys is a significant step toward that goal.

Launched one day ahead of World Password Day on May 4, passkeys are optional, so people can continue to use their current password to access their Google accounts. Right now, the process is geared more toward individual users. But administrators who manage Google Workspace accounts will soon be able to enable passkeys for their users, Google said in a news release on Wednesday.

Also: 1Password is saying goodbye to passwords in favor of passkeys. Here’s why

“Existing methods, including your password, will still work in case you need them, for example when using devices that don’t support passkeys yet,” Google explained in a security blog post. “Passkeys are still new and it will take some time before they work everywhere. However, creating a passkey today still comes with security benefits as it allows us to pay closer attention to the sign-ins that fall back to passwords. Over time, we’ll increasingly scrutinize these as passkeys gain broader support and familiarity.”

To enable passkeys with Google, sign into your account with your existing password by heading to the passkey setup page. At the Passkeys screen, click the button for Use passkeys. The next time you need to sign into your account, you can then use your face, fingerprint, PIN, or a security key to authenticate yourself on that computer or device. Your passkey is specific to that device, but you can now use that method to log into your Google account in any browser or app.

Also: How to protect and secure your password manager

To use a passkey on a different device, sign into your account. The steps differ slightly depending on whether you’re signing into a Windows PC, Mac, Android device, or iPhone/iPad. You may be asked to scan a QR code or use the passkey from another device. Whatever the method, the ultimate goal is to add a passkey for your Google account on each device you use. The initial process can be clumsy, but once all your passkeys are set up, you can then bypass your password for any future logins.

Of course, Google’s support for passkeys is only one step. For this passwordless technology to catch on, other companies, developers, and users will have to adopt and integrate the same method. But hopefully, Google’s initiative will convince others to jump on the bandwagon and one day eliminate the password permanently.


Source: Information Technologies - zdnet.com

Singapore, US run cross-border cybersecurity drills to test banks’ resilience

Your phone contains your most personal information. Here’s how to keep it safe