Google is now offering the option for users to log in to their accounts without a password. Instead, a passkey can be used as a secure alternative. This feature is available across all Google services and platforms, and was first introduced in late 2022 for the Chrome browser and Android OS.
Google’s Passkeys
Previously, passkeys could only be used with a Google Account as part of two-factor authentication, along with a password. However, Google is now implementing password-free login support for all its services and platforms, allowing users to log in to their accounts using only a passkey.
Passkeys are tied to each device, such as a computer, tablet, or smartphone, and work locally. Users can use a PIN or biometric data, such as fingerprints or facial identification, to log in to websites and applications. This is a safer and more convenient alternative to passwords, as users no longer need to remember and store complex passwords.
When a user logs in with a passkey, their device signs a unique challenge with a private key. The device will only do this if the user approves the transaction by unlocking their device. Google then verifies the signature using the user’s public key. This ensures that the signature can only be transmitted to Google sites and apps, protecting users from phishing attacks.
Passkeys are securely backed up and synchronized with the cloud, making it easy for users to transition to new devices without losing access to their accounts. This works across all major browsers and platforms, including Windows, macOS, iOS, and ChromeOS. For example, if a user creates a passkey on an iPhone, it will also be available on other Apple devices that log into the same iCloud account with password-free access.
Google, Microsoft, and Mozilla have supported Web Authentication credentials (WebAuthn, aka FIDO credentials) since April 2018, when they first announced plans to support the new API in Chrome, Edge, and Firefox browsers. Microsoft and Apple also announced passkey support in May 2022, making WebAuthn the standard way to log in to accounts without a password for their platforms.
Overall, the implementation of passkey support offers a more secure and convenient way for users to access their accounts and protect their personal information.
Limitations
While the introduction of passkeys is a step towards a future without passwords, it’s important to note that we may not be able to completely eliminate the use of passwords in the near future. One of the limitations of passkeys is that they are currently synchronized using the operating system ecosystem, rather than the browser, which some experts consider to be a significant drawback compared to the traditional password system.