In a major announcement, Google has revealed that it is now offering support for passkeys across all its platforms. With this update, users will be able to enjoy a password less sign-in experience on websites and apps using fingerprinting, facial recognition, or a local pin, without the need to enter a password or complete 2-step verification (2SV).
To set up a passkey, users can log in to a website or app using their existing username and password, and then opt to create a passkey that can be stored in a solution like Google Password Manager for future logins.
Compared to traditional passwords, passkeys are much more secure and resistant to credential theft, phishing, and social engineering scams. This makes them a safer and more convenient alternative, especially considering how even the most tech-savvy users can be fooled by phishing attempts and other scams.
In their official blog post, Google software engineers Arnar Birgisson and Diana K. Smetters noted that “passkeys are a more convenient and safer alternative to passwords.” With broader support for password less sign-in options, Google accounts are now more resistant to identity-based attacks, offering users greater peace of mind and protection online.
Password-based security inefficient for modern enterprise
The release comes as the weaknesses of password-based security are becoming increasingly apparent, with hackers leaking more than 721 million passwords online last year. Vendors including Microsoft and Apple have committed to developing a common passwordless sign-in standard.
While existing technologies like multi-factor authentication (MFA) have helped to enhance online account security, they haven’t fully addressed the risk of credential theft due to their susceptibility to SIM swap attacks that hijack the SMS verification process, and the inconvenience of adding additional authentication steps for end users.
Password less login options like passkeys that enable users to log in with bio-metric data provide a user-friendly alternative that decreases the likelihood of a successful account takeover attempt.