Google ushers in the era of passkeys: Goodbye to passwords

Access your own Online profiles It’s about to get simpler, faster, and more forget-proof: Google It is the introduction of the possibility of useBiometric access Instead of passwords to enter many sites, not only via smartphone, but also via computer. To be precise, it is now possible to access via passkey to some partner sites such as Uber, eBay And WhatsApp.

Access is viaPasskey“, an evolution of the passwords we all know, and many smartphone apps already use today instead of the old combination of username and access code. At the basis of this new technology is the now inevitable observation that users don’t want to put in the effort to create (and remember) Complex password.

How do passkeys work?

In practice, a passkey is a biometric-based authentication method: fingerprint or Face scanalthough passkeys based on other factors (such as sound) may be invented in the future.

Replaces the passkey Both password and usernameso to access the location/profile, you just need to show your face or place your finger on the sensor, and nothing else.

Google passkeys are tied to, but can be used with, the device they were created with All devices Register in Same Google profile.

So, for example, if we register a fingerprint-based passkey via our smartphone and set it as the access method to a particular website (for example a bank website) via our home computer, we can use the smartphone to access that website even if we arrive from Another computerWithout having to enter your name and password.

Pros and cons of passkeys

The biggest advantage for the user is comfort: There is nothing to remember, the pass key is always with us (because we are ourselves). Indirectly, simplicity and convenience also increase security, because it discourages the user from using bad passwords, such as the now-classic password “1 2 3 4 5 6” And “password“.

They could be passkeys encryptedJust like passwords, even if they are stolen, they are more difficult to use:Hackers Our finger is not physically available to swipe the sensor, so it will have to use certain hardware to send the passkey to the location to be unlocked.

One of the drawbacks of passkeys is the fact that they are They make the user more trackable: If we access 10 consecutive websites using different combinations of usernames and passwords, then theoretically we could be 10 different users on the same computer; But if we always use the same fingerprint, then no, we are clearly always the same person.

How to create a passkey

to Create a passkey To use it on your computer, Google imposes some requirements. First you need a laptop or at least a desktop with it Windows 10, Mac Ventura or Chrome OS 109.

To use your smartphone as a passkey reader, you need at least one device with it iOS 16 or Android 9Screen lock and Bluetooth (to connect to the computer, which must also have Bluetooth).

You also need to Hardware security code Which supports the FIDO2 protocol, built into the device you are logging in with.

also Internet browser The user to access the sites on which you want to use the passkey must be compatible:

• Chrome 109 or later
• Safari 16 or later
• Edge 109 or later

Procedure for Create a passkey It is automated and starts from the web address www.google.com/account/about/passkeysclearly after authentication in the traditional way.

To use a passkey created on a smartphone on a computer, a passkey is created the first time QR code On the computer screen, which must then be framed by the smartphone camera Pair the two devices. In later times it will not be necessary to do this procedure.