Today, Google announced the possibility of using authorization without a password called “Passkey” or “Access key” by default for all user accounts. This comes five months after the company announced the implementation of support for this standard across all accounts and on all Google platforms.
According to Google products managers, Sriram Carra and Christian Brand, users will now be prompted to create and use an access key when logging into their accounts, which will simplify future authorizations. They also added that users will find the option to “pass the password when possible” in their Google account settings.
What is Passkeys?
“Passkeys” or “access keys” are a new form of authentication that eliminates the need for usernames and passwords. It operates without any additional stage of authentication and uses public key cryptography to verify user access to websites and applications.
Each Passkey is unique and linked to the user’s name and a specific service. Users can configure multiple access keys for different accounts and even multiple access keys for a single account, as they only work within a specific platform.
How does it work?
When a user enters a website or application that supports access keys, a random request is generated and sent to the client. The user then verifies the request using biometrics or a PIN code, signs it with a private key, and sends it back to the server. If the signed response can be verified using a corresponding public key, the authentication is considered successful.
The main advantage of access keys is not only the elimination of password memorization but also their resilience against phishing attempts, providing enhanced account protection.
In addition, it is worth mentioning that the development of this feature comes shortly after Microsoft’s introduction of access keys in Windows 11 to enhance account security. Popular platforms such as eBay and Uber have also recently implemented support for access keys.