Google started testing this week for the use of passkeys on Android and Chrome. This new technology promises to increase users’ cybersecurity by eliminating the “human factor” in creating passwords and using cellular authentication for users to access their accounts.
In May, Google, Microsoft and Apple announced a partnership to improve technology that eliminates the use of passwords for logins. The three companies promise that all their services will support passkeys from 2023. Google’s tests are compatible with MacOS and Windows systems, as authentication is done by Chrome, but it is still necessary to use an Android smartphone.
Passkeys: the traditional QR Codes and biometrics for a secure login
To some, a world without passwords may sound futuristic. However, the passkey technology, also called passwordless (without passwords, in direct translation), from Google uses already known methods to guarantee a secure login: QR Code and biometrics.
Android smartphone users who want to test passkey will need to opt-in to this type of login in supported services.
After accessing a compatible service, the first step in using the passkey is to associate it with an account. Once this is done, it will be necessary to use biometrics, facial recognition or other cell phone unlocking method to authenticate access.
To log in, simply click on the account you want to log in and use the authentication method chosen earlier.
For desktops and laptops, the user will need, in addition to the Chrome browser, a smartphone — at the moment, only Android phones allow you to create a passkey for Safari and Chrome, regardless of whether it is installed on MacOS or Windows.
Passkey-compatible sites will display a QR Code for the user to receive a code on their smartphone. The reading of the QR Code will be carried out by the cell phone’s own camera — eliminating the need for Google Auth.
Goodbye to phishing?
One of the security advantages of the passwordless login method is to protect users from phishing scams. This practice consists of creating a fake website for the victim to enter the password of a very important account, a classic example is internet banking.
With a passkey login, the password is always updated, so the cybercriminal will not be able to rely on the passwords stored through your fake website. In addition, with more services adopting the method, password leaks would affect fewer users — a salvation for those who often use the same password for multiple accounts.