Google has decided to make passkeys the default login option for personal Google Accounts, marking a potentially highly significant development in the cybersecurity industry’s march toward a passwordless future.
A blog post attributed to Senior Product Manager Sriram Karra and Group Product Manager Christiaan Brand asserted that since Google rolled out support for passkeys earlier this year, the company has “received really positive feedback from our users,” who have been using the mobile-based authentication method across apps like YouTube, Search, and Maps. The post emphasized that passkeys are much more convenient than using complex – and often forgotten – passwords, but also noted that they are “phishing resistant.”
Developed through collaboration between Apple, Google, Microsoft, the FIDO Alliance, and the World Wide Web Consortium (W3C), passkeys essentially store cryptographic login credentials on a user’s personal smartphone, which can only be unlocked through biometric authentication or by entering the device’s PIN. When the biometric option is used, this means that passkeys combine two different kinds of authentication factors — something the user has (their smartphone) and something the user is (their face or fingerprint).
Given the solution’s security and its popularity among users, Google is now working to nudge users to embrace the passkey. Users are going to start seeing prompts to go passwordless by creating passkeys when they sign into their accounts. At the same time, a “Skip password when possible” option will be popping up in their Google Account settings. Those who don’t want to go passwordless still have the option of switching that off, if they so choose.
Passkeys have enjoyed growing support across various platforms since their launch on Apple’s iCloud Keychain platform in 2021. Most recently, the major password manager 1Password became the latest to embrace the solution, and further support is anticipated from the WhatsApp messaging platform.
Google’s decision to make passkeys the default login option could prove consequential in getting more end users familiar with the authentication system. And the company’s Sriram Karra and Christiaan Brand promised to keep users “updated on where else you can start using passkeys across other online accounts” as they work toward their goal of “making passwords a rarity, and eventually obsolete.”
Source: The Keyword
October 11, 2023 – by Alex Perala