No More Passwords for Android Users! Google Passkeys.
Google Developers

No More Passwords for Android Users! Google Passkeys.

Google has taken the next step towards a?Passwordless?future by?announcing?the arrival of passkeys. Passkeys are a new cryptographic key solution that requires a pre-authenticated device. They are now available to Google account users on all major platforms. Starting today, Google users can switch to passkeys and ditch their passwords and two-step verification codes entirely when signing in.


Passkeys are more secure and easier to use than passwords. They are also more resistant to phishing attacks. To use passkeys, users simply need to scan a QR code or enter a code on their device. Once a passkey is created, it is stored on the user's device and synced to the cloud. This means that users can sign into websites and apps on any device using the same passkey.


Google is working with other tech companies to make passkeys a more widely adopted standard. Once passkeys are more widely supported, users will be able to sign into any website or app without having to remember or type a password. This will make it easier and more secure for users to sign into their online accounts.



What Are Passkeys

No alt text provided for this image
Google

Google identifies?Passkeys as?digital credentials, tied to a user account and a website or application. Passkeys allow users to authenticate without having to enter a username, or password, or provide any additional authentication factor. This technology aims to replace legacy authentication mechanisms such as passwords. When a user wants to sign in to a service that uses passkeys, their browser or operating system will help them select and use the right passkey. The experience is similar to how saved passwords work today. To make sure only the rightful owner can use a passkey, the system will ask them to unlock their device. This may be performed with a biometric sensor (such as a fingerprint or facial recognition), PIN, or pattern.



Why Do You Need to Use Passkeys

No alt text provided for this image
Google Developers


Passkeys offer a safer alternative to passwords and texted confirmation codes. Users will not ever see them directly; instead, an online service such as Gmail will use them to communicate directly with a trusted device such as your phone or computer to log you in. Here are some of the benefits of using passkeys:

  • They are more secure than passwords.
  • They are easier to use than passwords.
  • They are more resistant to phishing attacks.
  • They work on a variety of devices.

If you are looking for a more secure and convenient way to sign in to websites and apps, then you should consider using passkeys.



How to Start Using Passkeys

No alt text provided for this image
Google

To get started, the initial step involves enabling passkeys for your Google account. Simply open a web browser on any trusted phone or computer, sign in to your Google account, and navigate to the?g.co/passkeys?page. From there, select the option to "start using passkeys," and you're all set! The passkey feature will now be activated for your account.


If you're using an Apple device, you'll first need to set up the Keychain app, provided you haven't already. This app securely stores passwords and now supports passkeys as well.


Moving on to the next step, you'll need to create the actual passkeys that establish a connection with your trusted device. If you're using an Android phone that's already logged into your Google account, you're almost there. Android phones are automatically prepared to use passkeys, but you still need to enable the function initially.


On the same Google account page mentioned earlier, locate the "Create a passkey" button. Clicking it will open a window where you can generate a passkey either on your current device or on another device. There's no right or wrong choice here; the system will simply notify you if the passkey already exists.



Supported Devices

Support for passkeys is being rolled out to major operating systems and browsers. This process is ongoing and is expected to continue into 2023.

Here is a list of the operating systems and browsers that currently support passkeys:

  • Apple iOS 16 and macOS Ventura
  • Google Chrome 83+
  • Microsoft Edge 83+
  • Mozilla Firefox 91+
  • Opera 88+

If you are using an operating system or browser that is not listed above, you may not be able to use passkeys yet. However, support for passkeys is expected to be added to more operating systems and browsers in the future.

Once support for passkeys is available in your operating system and browser, you will be able to create and use passkeys to sign in to websites and apps. Passkeys are more secure and convenient than passwords, so I encourage you to use them when they become available.

To check the complete list Click Here



Passkeys Issues

No alt text provided for this image
Shutterstock

One drawback of passkeys is their limited popularity, which remains relatively low. Despite Google's dedicated efforts towards passkeys, it doesn't necessarily mean they are fully prepared for widespread usage. Specifically, certain operating systems such as Windows, Linux, and Chrome OS are not as advanced in terms of passkey implementation compared to MacOS, iOS, and Android. Much progress is still needed in this area. However, the official passkeys.dev website provides a useful page that keeps track of the readiness of each platform individually. It would be unfortunate to find yourself locked out of your Google Passkey account while using Chrome OS, unless you switch back to using a password.


Another issue that arises with passkeys is the method of synchronization, which differs from the way passwords currently function. Passkeys rely on the ecosystem of your operating system rather than browser-based synchronization. Unfortunately, this represents a significant setback and doesn't seem to be resolved in the near future. The way passkeys operate is not equivalent to how passwords function presently. For instance, if you add a password to Chrome on Windows, it will instantly become accessible on any device where Chrome is installed, be it an Android phone, MacBook, iPhone, Chromebook, and so on.

Trapped in The Ecosystem... Again!

No alt text provided for this image
Hamster Wheel Empty Digital Art by Allan Swart - Pixels

As per the FIDO Alliance, passkeys are designed to be

Synced to all the user's other devices running the same OS platform.

In practical terms, this means that if a user adds a passkey to Chrome on a Windows device, it will only synchronize with other Microsoft operating systems. This is because the passkey gets added to the passkey store of the OS vendor, Microsoft. A similar seamless synchronization occurs when using Apple products, where everything syncs effortlessly without any noticeable changes.?However, the situation becomes more complex for users who operate across different operating systems, such as Windows and Android, Android and Linux, or any other combination involving different OS vendors. In these cases, a QR code and Bluetooth-driven transfer process are required for syncing passkeys. The major technology brands responsible for passkeys do not seem particularly motivated to make them as user-friendly and practical as passwords. This lack of simplicity and convenience poses a significant obstacle to the widespread adoption of passkeys.?


1Password addresses the sync challenges by stating,

Currently, passkeys on other platforms require you to use a device from the same ecosystem to authenticate. Syncing with other operating systems or sharing passkeys necessitates tedious workarounds, such as QR codes, resulting in a more complicated and less secure experience.



Passkeys Are Not Open Enough

1Password and similar apps may or may not be included in the major technology companies' passkey initiatives. Despite claiming to be a member of the FIDO Alliance, 1Password acknowledges in a video on their passkey page that passkeys lack the desired level of openness. The video states:?

Current solutions fail to fulfill the promise of openness and interoperability. If you create a password on your iPhone or Android device today, it remains largely confined. Sharing, transitioning to another platform, or syncing with your preferred password manager is not a straightforward process. We have the potential for improvement. That's why we're thrilled to present to you what the future could look like if passwordless technology were more open.


1Password's passkey website contains various expressions of possibility and expectation, using words like "could" and "should." However, the company is actively working on a solution that is slated to be ready by "this summer." Nonetheless, the significant regression in cross-platform compatibility within the default setup, which most people would use, poses a substantial limitation to the appeal of passkeys. Even if the company manages to address the synchronization issue with passkeys, there is no guarantee that they will be widely embraced.



Referances

You no longer need a password to sign in to your Google account - The Verge

https://www.theverge.com/2023/5/3/23709318/google-accounts-passkey-support-password-2fa-fido-security-phishing

So long passwords, thanks for all the phish – Google Security Blog

https://security.googleblog.com/2023/05/so-long-passwords-thanks-for-all-phish.html


Device Support – Passkeys.dev

https://passkeys.dev/device-support/


Passwordless login with passkeys - Google

https://developers.google.com/identity/passkeys


Google to abolish passwords for ‘passkeys’: Here’s what to know?-?Aljazeera Tech News

https://www.aljazeera.com/news/2023/5/4/google-to-abolish-passwords-for-passkeys-heres-what-to-know


Google “kill” passwords, launched passkeys but there are issues?– Gizchain

https://www.gizchina.com/2023/05/04/google-kill-passwords-launched-passkeys-but-there-are-issues/


Passkeys in Action – FIDO Alliance

https://fidoalliance.org/passkeys/#:~:text=Syncing%20of%20passkeys%20is%20end,become%20available%20on%20all%20devices.


The passwordless experience you deserve?– 1Password

https://www.future.1password.com/passkeys/


#google #passkeys #passwordless #FIDO #1password

Roberto Ishmael Pennino

Cybersecurity Human Risk Management Researcher | Cybersecurity Awareness Specialist | GCIH | GSEC | GFACT | CC

8 个月

Congratulations, Hamed Al Faisal ??! Exciting news indeed about Google's latest leap towards a passwordless future with Passkeys. Your expertise in cybersecurity is invaluable, and I'm sure your insights will help many navigate this transformative shift. Wishing you continued success in your endeavours! #Cybersecurity #Passkeys #FutureReady

回复
Sania W.

Cyber Security Analyst @ MNP | GCIH | GSEC | GFACT | Penetration Testing | Author

8 个月

Very informative

回复
Rasheed Khankan

Founder of DEVELOPED TECHNOLOGIES ?? Ph.D. (c) in antennas and remote sensing

1 年

Great essay, it's really inspiring. We are suffering from storing passwords of our accounts on a separate file.

Oleksandr D.

Senior Systems Engineer at AMD

1 年

The only worry I have is what to do if your house burned down and all devices/passkeys are lost. At least with password if you remember it there might be a chance

要查看或添加评论,请登录

社区洞察

其他会员也浏览了