Are you tired of using your password and just forgetting it at times while using Google? Google has now come up with passkeys, a new way to login that is both safer and more convenient. With passkeys, users can sign in to apps and websites with a biometric sensor (such as a fingerprint or facial recognition), PIN, or pattern, freeing them from having to remember and manage passwords.
Passkeys provide robust protection against phishing attacks, unlike SMS or app-based one-time passwords. Since passkeys are standardised, a single implementation enables a passwordless experience across different browsers and operating systems, according to Google.
WHAT ARE PASSKEYS?
A passkey is a digital credential, tied to a user account and a website or application. Passkeys allow users to authenticate without having to enter a username, password, or provide any additional authentication factor.
This technology aims to replace legacy authentication mechanisms such as passwords. When a user wants to sign in to a service that uses passkeys, their browser or operating system will help them select and use the right passkey. It is similar to how saved passwords work.
To create a passkey for a website or application, a user must first register with that website or application.
1. Go to the application and sign in using the existing sign-in method.
2. Click Create a passkey
3. Check the information stored with the new passkey.
4. Use the device screen unlock to create the passkey.
When they return to this website or app to sign in, they can take the following steps:
1. Go to the application.
2. Click Sign in.
3. Select their passkey.
4. Use the device screen unlock to complete the login.
The user’s device generates a signature based on the passkey. This signature is used to verify the login credentials between the origin and the passkey.
A user can sign into services on any device using a passkey, regardless of where the passkey is stored. For example, a passkey created on a mobile phone can be used to sign in to a website on a separate laptop.
HOW DO PASSKEYS WORK?
Passkeys are intended to be used through the operating system infrastructure. It allows passkey managers to create, backup and make passkeys available to the applications running on that operating system. On Chrome on Android, passkeys are stored in the Google Password Manager, which synchronises passkeys between the user’s Android devices that are signed into the same Google account.
Users aren’t restricted to using the passkeys only on the device where they’re stored. It can be used when logging into a laptop, even if the passkey isn’t synchronised to the laptop, as long as the phone is near the laptop and the user approves the sign-in on the phone. As passkeys are built on FIDO standards, all browsers can adopt them.