Enlarge / Google says the login flow will go something like this, from left to right: type in your username, pick a passkey, scan a finger. Hopefully your device has biometrics. (credit: Google)
Google is taking a big step toward our supposedly passwordless future by enabling passkey-only Google accounts. In the blog post, titled "The beginning of the end of the password," Google says: "We’ve begun rolling out support for passkeys across Google Accounts on all major platforms. They’ll be an additional option that people can use to sign in, alongside passwords, 2-Step Verification (2SV), etc." Previously, you've been able to use a passkey with a Google account as part of two-factor authentication, but that was always in addition to a password. Now it's possible to use a Google account with a passkey instead of a password.
A passkey, if you haven't heard of the new authentication method, is a new way to log in to apps and websites and may someday replace a password. Password entry began as a simple text box for humans, and those text boxes slowly had automation and complication bolted onto them as the desire for higher security arrived. While you used to type a remembered word into a password field, today, the right way to use a password is to have a password manager paste a random string of characters into the password box. Since few of us physically type in our passwords, passkeys remove the password box.
Passkeys have your operating system directly swap public-private keypairs—the "WebAuthn" standard—with a website, and that's how you get authenticated. Google's demo of how this will work on a phone looks great—the usual box asks for your Google username, then instead of a password, it asks for a fingerprint, which unlocks the passkey system, and you're logged in.
Read 6 remaining paragraphs | Comments