The idea of a password-free future may have just taken a giant step forward. Google, along with Microsoft and Apple, promised something called the “FIDO Alliance” – short for “fast identity online – a year ago and Google is first out of the box with its version.
Beginning immediately, Google users can create and use passkeys on their own personal Google accounts on mobile phones and tablets. With this method, Google will no longer ask for your password or 2-Step Verification (2SV) when you sign in.
The company wants consumers to accept that passkeys are a more convenient and safer alternative to passwords. Convenient, in that they work on all major platforms and browsers and allow users to sign in by unlocking their computer or mobile device with their fingerprint, face recognition or a local PIN. Safer, because the passkey is stored on the device and not up in the cloud or on a server somewhere.
"The only way to get users to move away from passwords is by creating alternatives that are easier to use than the current authentication methods,” Igal Flegmann - co-founder & CEO of Keytos, told ConsumerAffairs.
“Passkeys are an excellent step in that direction by removing the need for a user to remember a password and instead using biometric information on their device to quickly sign in. Now we as consumers must ask the rest of the industry to adopt passwordless authentication methods."
Google says this should cut down on phishing
One of the main benefits to passkeys is that they are unphishable, Rishi Bhargava, co-founder at Descope, said.
“Passkeys are not something a user can write down in a notebook or accidentally share with cybercriminals. Because the private key on your device is only meant to work with the public key on the account where the passkey was created, fake credential harvesting sites are also not a concern,” he added.
Bhargava said while multi-factor authentication is critical for reducing phishing, the extra verification step can cause friction for consumers.
How to put this into action
To move your Google account to the new passkey version, all you have to do is go to this link from the device you'll be using it on (i.e., a phone or tablet). Then, log in with your regular username, password, and any other authentication codes you have set up, click on "+ create a passkey" on that device.