Google has finally started rolling out support for the passkeys authentication method, which it claims is more secure than ordinary passwords and even two-step verification (2SV), after over ten years of preparation and a year of declaring support for the same.
A year ago, Apple, Google, and Microsoft jointly stated that they will start adopting the same passwordless technology, which would dramatically improve user security across all major platforms. The system must also be implemented by services, therefore this is only the first step.
Password authentication is as easy to use on mobile devices as it is on computers, whether your biometric authentication technique is a face scanner or a fingerprint reader. Physical authentication keys and a standard device lock PIN can also be used to authenticate it. The passkey only exists in that specific device after it has been created. According to Google, the fact that passkeys are virtual makes it easier to avoid fraud because they cannot be written down or supplied to a bad actor.
The passkey merely verifies that you are the one trying to log in when you visit a compatible website or app on your laptop or mobile device by using the device’s biometric system or by typing in a PIN (lock screen authentication method). After that, the passkey logs you in. As long as you don’t use a standard PIN (0000, 1234) to unlock your device, Google’s biometric data isn’t shared online and isn’t saved in the cloud either, making the entire system relatively safe.
According to Google, passkeys can currently be used as a second form of authentication. Therefore, it works well when combined with 2SV systems and ordinary passwords at this time.
Passkeys essentially eliminate the need for lengthy and complex passwords, which should ideally be different for each service or website a user visits. Given that many of us browse numerous websites and apps on a daily basis, remembering these is in fact a challenge. Standard passwords must be kept in mind and tracked, but they must also be updated periodically for security reasons. So, for the time being, switching to passkeys does seem to be an easier solution.
As members of the FIDO Alliance and the W3C WebAuthn working group, Google, Microsoft, and Apple helped develop the authentication scheme that Passkeys employs. This also means that the solution works across multiple platforms and browsers, provided they have adopted this standard.