Google Introduces Passwordless Secure Login with Passkeys for Google Accounts
Nearly five months after Google added support for passkeys to its Chrome browser, the tech giant is starting to roll out the passwordless solution across Google Accounts on all platforms.
Passkeys, supported by the FIDO Alliance, are a more secure way to log into apps and websites without having to use traditional passwords. Users sign in by simply unlocking their computer or mobile device with their biometrics (e.g., fingerprint or facial recognition) or a local PIN.
“And, unlike passwords, passkeys are resistant to online attacks like phishing, making them more secure than things like SMS one-time codes,” Google noted.
The passkey, once generated, is stored locally on the device, and is not shared with any other party. It also eliminates the need to set up two-factor authentication, as it proves that “you have access to your device and can unlock it.”
Users also have the option of creating a passkey for each device they use to sign into their Google Account. That said, a passkey created on an iPhone will be available on other devices if they’re logged into the same iCloud account.
It should be noted that Google Password Manager and iCloud Keychain use end-to-end encryption to keep passkeys secret.
Additionally, users can sign in on a new device or temporarily use another device by selecting the “use passkey from other device” option, which then uses the phone’s screen lock and proximity to approve a one-time login.
“The device then verifies that your phone is in close proximity using a small anonymous Bluetooth message and sets up an end-to-end encrypted connection to the phone over the internet,” the company explained.
“The phone uses this connection to send your one-time passkey signature, which requires your approval and the phone’s biometric or screen lock step. Neither the passkey itself nor the screen lock information is sent to the new device.”
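The article says the phone sends only a one-time signature and that passkeys resist phishing. The following added example (not Google's code and not part of the original article) models why, using a simplified WebAuthn-style challenge and origin check. Ed25519, the function names, and the example.com and example-login.invalid origins are assumptions chosen for illustration.

```javascript
// Added example: simplified model of a passkey sign-in, not a full WebAuthn stack.
const crypto = require('node:crypto');
const sha256 = (data) => crypto.createHash('sha256').update(data).digest();

// Registration: the key pair is created on the device; the server gets the public key only.
function createPasskey(rpId) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  return { device: { rpId, privateKey }, server: { rpId, publicKey } };
}

// Device side, after the user unlocks it. The client fills in the origin it is really
// connected to. (A real client also refuses origins outside the passkey's RP ID.)
function signAssertion(device, challenge, origin) {
  const clientData = Buffer.from(JSON.stringify(
    { type: 'webauthn.get', challenge: challenge.toString('base64url'), origin }));
  const rpIdHash = sha256(device.rpId);
  const signature = crypto.sign(null, Buffer.concat([rpIdHash, sha256(clientData)]), device.privateKey);
  return { clientData, rpIdHash, signature };
}

// Server side: fresh challenge, expected origin, expected RP ID, valid signature.
function verifyAssertion(server, expected, assertion) {
  const cd = JSON.parse(assertion.clientData.toString());
  if (cd.type !== 'webauthn.get') return 'bad-type';
  if (cd.challenge !== expected.challenge.toString('base64url')) return 'stale-challenge';
  if (cd.origin !== expected.origin) return 'wrong-origin';
  if (!assertion.rpIdHash.equals(sha256(server.rpId))) return 'wrong-rp';
  const signed = Buffer.concat([assertion.rpIdHash, sha256(assertion.clientData)]);
  return crypto.verify(null, signed, server.publicKey, assertion.signature)
    ? 'ok' : 'bad-signature';
}

// Constructed scenario; both origins are placeholders.
function demo() {
  const good = 'https://example.com', fake = 'https://example-login.invalid';
  const { device, server } = createPasskey('example.com');
  const expected = { challenge: crypto.randomBytes(32), origin: good };
  const genuine = signAssertion(device, expected.challenge, good);
  const relayed = signAssertion(device, expected.challenge, fake);
  const rewritten = { ...relayed, clientData: Buffer.from(
    relayed.clientData.toString().replace(fake, good)) };
  const next = { challenge: crypto.randomBytes(32), origin: good };
  return {
    genuine: verifyAssertion(server, expected, genuine),     // 'ok'
    relayed: verifyAssertion(server, expected, relayed),     // 'wrong-origin'
    rewritten: verifyAssertion(server, expected, rewritten), // 'bad-signature'
    replayed: verifyAssertion(server, next, genuine),        // 'stale-challenge'
  };
}
```

Because the signature covers the origin and a per-login challenge, an assertion captured on a look-alike site or from an earlier session is rejected, and the private key never leaves the device.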
While this may be “the beginning of the end for passwords,” the company says it will continue to support existing sign-in methods like passwords and two-factor authentication in the future.
Google also recommends that users do not create a passkey on devices shared with other people, a move that can effectively undermine all of its security protections.