Google’s new passkey technology may symbolise the ‘beginning of the end’ for passwords, according to the technology giant. This is because the technology allows a user to authenticate themselves using fingerprint ID, facial ID or a PIN on the phone or device they use for authentication purposes.
The technology has been developed as part of the FIDO (Fast Identity Online) Alliance, with Apple, Google and Microsoft leading the charge.
Companies such as eBay, DocuSign, PayPal and a number of other businesses are already using passkey technology. For example, Apple rolled out the technology as part of iOS 16 and the latest macOS release, and Microsoft has been using it through the Authenticator app.
How does passkey technology work?
Users can create a passkey for each device they use, or the operating system or app that manages their passkeys can share them between devices. A cryptographic private key is stored on the device, and the corresponding public key is uploaded to Google.
When a user signs in, the device must solve a unique challenge by using the private key to generate a signature. The signature is verified using the public key, and account access is then granted.
For privacy purposes, Google only ever sees the signature generated and the public key. The company says that this will prevent people using phishing, SIM-swapping and other methods to obtain passwords and bypass authentication methods.
Each passkey is unique to each service a person uses. This means that there’s no risk of one compromised account compromising every other account that uses a passkey. For convenience, customers can temporarily share their passkey to a new device.
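The sign-in flow described above, sketched in Node.js as an added example (not Google's or the FIDO Alliance's code, and not the real WebAuthn message format). The Device and Service classes, the origins and the user name are hypothetical; signing the site's origin together with the challenge is a simplified stand-in for how a passkey is scoped to one site.

```javascript
// Added illustration: simplified passkey-style sign-in, not the real WebAuthn wire format.
const { generateKeyPairSync, randomBytes, sign, verify } = require("node:crypto");
// What gets signed: the service origin plus the server's one-time challenge.
const payloadFor = (origin, challenge) =>
  Buffer.concat([Buffer.from(origin, "utf8"), Buffer.from([0]), challenge]);

class Device {                       // hypothetical stand-in for the phone or laptop
  constructor() { this.privateKeys = new Map(); }
  register(origin) {                 // one key pair per service
    const { publicKey, privateKey } = generateKeyPairSync("ec", { namedCurve: "prime256v1" });
    this.privateKeys.set(origin, privateKey);   // private key stays on the device
    return publicKey;                           // only the public key is uploaded
  }
  signIn(origin, challenge) {        // origin = the site that is actually asking
    const key = this.privateKeys.get(origin);
    return key ? sign("sha256", payloadFor(origin, challenge), key) : null;
  }
}

class Service {                      // hypothetical stand-in for the account provider
  constructor(origin) { this.origin = origin; this.publicKeys = new Map(); this.pending = new Map(); }
  enroll(user, publicKey) { this.publicKeys.set(user, publicKey); }
  newChallenge(user) {
    this.pending.set(user, randomBytes(32));
    return this.pending.get(user);
  }
  verifySignIn(user, signature) {
    const challenge = this.pending.get(user);
    this.pending.delete(user);       // each challenge is single use
    const publicKey = this.publicKeys.get(user);
    if (!challenge || !publicKey || !signature) return false;
    return verify("sha256", payloadFor(this.origin, challenge), publicKey, signature);
  }
}

function demo() {                    // constructed origins and user name
  const device = new Device();
  const real = new Service("https://accounts.example.test");
  const shop = new Service("https://shop.example.test");
  real.enroll("alice", device.register(real.origin));
  shop.enroll("alice", device.register(shop.origin));
  const sig = device.signIn(real.origin, real.newChallenge("alice"));
  const genuine = real.verifySignIn("alice", sig);
  real.newChallenge("alice");
  const replayed = real.verifySignIn("alice", sig);   // old signature, fresh challenge
  const lookalike = device.signIn("https://accounts.examp1e.test", real.newChallenge("alice"));
  const crossService = real.verifySignIn("alice", device.signIn(shop.origin, real.newChallenge("alice")));
  return { genuine, replayed, lookalike, crossService };
}
console.log(demo());
```

The genuine sign-in verifies, a captured signature fails against a fresh challenge, the device has no key to use on the lookalike origin, and a signature made with another service's passkey is rejected.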
For now, Google has said that it will allow people to use passwords in circumstances where they do not have the passkey-enabled device available. However, the company has also said that it will pay closer attention to accounts using passwords for signs of compromise.
Why does this matter?
For its part, Google says that the move towards passkey technology signifies the ‘beginning of the end’ for passwords for Google accounts. However, Google has also stressed that the technology remains in its early stages and that it will be a while before there is mass adoption across apps and websites.
The move away from passwords has delighted security experts. This is because they believe that passkeys will stop phishers from accessing credentials. This will make the online world safer for users.