Image Credit: Google
Google declared Passkeys are rolling out to Google Account users globally today.
The news comes nearly a year after Google, Apple, Microsoft and the FIDO Alliance announced a partnership to make frictionless passwordless logins a reality across devices, operating systems and browsers.
While multi-factor authentication mechanisms and password managers offer reasonable security improvements over traditional username/password workflows, they are not without their drawbacks. An authentication code sent via SMS can be intercepted, for example, making it too inconvenient for some to use additional third-party password management software.
With Passkeys, users’ authentication is synchronized across all their devices through the cloud using cryptographic key pairs, allowing them to log into websites and apps using the same biometrics or screen-lock pin they use to unlock their devices. As it requires physical access to the user’s device, this makes it more difficult for bad actors to remotely access users’ accounts.
It’s been a long time coming
It’s worth noting that Google, like Apple and Microsoft, already supports FIDO’s password-free login standard, but requires users to log in to every website or app on every device before they can use it. However, as a result of the alliance, all three have begun implementing the standard on their respective systems, including browsers (eg Edge, Safari and Chrome) and operating systems (Android, macOS and Windows). Effectively, someone who wants to access their Google Account on a Windows laptop can use the passkey from their iPhone.
Over the past year, the tech triumvirate has been slowly rolling out support for PassKeys, with Apple introducing support for iOS in September, enabling iPhones to act as login tools for any companion website or app. PayPal introduced support for passwords on iOS in October, along with other companies like Shopify, Kayak and Docusign.
Starting today, Google Account users can also use passkeys.
Users can Enable passwords By logging into their Google accounts, although this is completely optional – passwords and other existing multi-factor authentication tools still work to a greater extent.
Passkeys seem to only be compatible with personal accounts at the moment, as Google has mentioned the option for workplace administrators to enable this for their users “soon.”