A Google’s New Passwordless Authentication

In accordance with World Password Day, Google has launched its new feature called “passkeys” which will provide a passwordless authentication for users.

As mentioned, Google has been working with the FIDO Alliance, Apple, and Microsoft to support passkeys on their platform.

After today, All major platforms which use Google accounts for sign-in will have an additional option for Passkeys alongside passwords, 2-step Verification (2SV), and other sign-in methods.

Passkeys

Passkeys are a new and exciting way of signing in to applications and websites without passwords.

It is easier and more secure than the traditional password method, which we must remember for every account. 

Passkeys are like unlocking a device with Face ID, fingerprint, or screen lock PIN.

Google claims Passkeys are immune to phishing or other online attacks and are much more secure than SMS OTP (One-Time Password) codes.

Previously, Platforms like Docusign, Kayak, PayPal, Shopify, and Yahoo Japan have already streamlined this method for their users.

It is now available to Google users who want to go Passwordless for their sign-in.

Passkeys for Google Accounts

To create passkeys on your Google account, visit the passkeys website, which will initially ask you to sign in to your Google account to set up the passkeys. 

Passkeys Supported Devices

  • Laptop or PC with Windows 10 or macOS Ventura (macOS 13)
  • iOS 16 or Android 9 supported Device
  • Hardware Security Key that supports FIDO2 Protocol

Passkeys Supported Browsers

  • Chrome 109 or higher
  • Safari 16 or higher
  • Edge 109 or higher

Along with these requirements, the device must have a Screen Lock and Bluetooth available.

Once users visit the passkeys website, they are asked to “Create a new Passkey,” which can be done by the steps provided by Google. Once the passkeys are set up for the Google account, passkeys are ready to be used for signing in to that account.

If the account has passkeys enabled during sign-in, the users are prompted with a different window.

Passkey Login Window

If the user wants to go with a password, he can click “Try another way” to go to the password page. If the user wants to use passkeys, he can click on “Continue,” which will prompt which device to use for passkey confirmation.

Passkey Prompt for Device Selection

Here, the user can choose which device to use for passkey confirmation. After selecting the option, the user is presented with a prompt based on his selection.

If the user selects the “External Security Key” option, he is presented with a Security Key prompt and “QR Code” if the user has selected the “Use a Phone or Tablet” Option.

The user can use either of the devices he has used for generating the passkey to confirm their identity.

If the user scans the QR code for a passkey from his Phone or Tablet, the device asks to confirm his identity based on the unlock method he has set up. Once the user confirms the identity on his device, the passkey logs in to the user.

Security Key Prompt
QR Prompt

Google has released this feature as a part of its future passwordless program. It is yet another step towards a new feature.

Administrators will soon have the option to enable passkeys for their end-users during sign-in for Google Workspace accounts.

“Of course, like any new beginning, the change to passkeys will take time. That’s why passwords and 2SV will still work for Google Accounts.” Google says.

Struggling to Apply The Security Patch in Your System? – 
Try All-in-One Patch Manager Plus

Source: gbhackers.com