Google introduces passkey sign-in with farewell note to passwords

As of May 3, 2023, Google users can opt to secure their accounts using passkeys rather than passwords, according to a blog post on the company’s website. Passkeys allow users to sign in using fingerprint or face biometrics, or through a device screen lock, such as a local PIN.

In keeping with an industry-wide trend toward adopting passkeys, the company is promoting passkeys as a faster, simpler and more secure alternative to existing sign-in options, including multi-factor authentication.

“Using passwords puts a lot of responsibility on users,” write the authors of the post, Arnar Birgisson and Diana Smetters. “Choosing strong passwords and remembering them across various accounts can be hard. In addition, even the most savvy users are often misled into giving them up during phishing attempts.”

Since a passkey exists only on a particular device, when a user signs in with one, it verifies that they are in possession of the device and have the ability to unlock it. This reduces the risk of a password being accessed by bad actors via phishing or privacy breaches. Any shared biometric data unlocks the passkey locally and never goes beyond the device.

The sign-in system works through communication between a cryptographic private key and a corresponding public one, which is uploaded to Google when someone generates a passkey on a device. Unlocking the device provides a unique signature, which is only sharable with Google, to the public key, enabling access to one’s account. Since the sign-in is activated through the private key stored on the device, it means biometric data does not go to Google.

Google’s post specifies that passkeys “are built on the protocols and standards Google helped create in the FIDO Alliance and W3C WebAuthn working group. This means passkey support works across all platforms and browsers that adopt these standards. You can store the passkeys for your Google Account on any compatible device or service.”

Apple began testing passkeys for iPhones in 2021.

Consumer preference for passkeys follows push by industry

The biggest names in tech have all pledged to expand support for passkeys. In tandem with corporate preference, consumers have also been warming up to passkeys as an alternative to passwords, according to new research from the FIDO Alliance.

Key findings from a survey of roughly 1,000 U.S. citizens, which the organization is releasing on Thursday to mark World Password Day, show that 57 percent of respondents expressed interest in using passkeys. While passwords are still the most common authentication method, preference for biometric options is growing.

Also of note was the declining reputation of passwords. The survey showed that 60 percent of consumers abandoned purchases over a forgotten password, and that 90 percent had to reset or recover a password.

In addition to Google, FIDO Alliance senior member companies include Apple, Amazon, Visa, Microsoft, Intel and American Express. The organization’s stated mission is to “help reduce the world’s over-reliance on passwords.”

Originally created by Intel in 2013 as a way to promote robust password security, World Password Day is celebrated every year on the first Thursday in May. Yet signs suggest it may soon, like passwords themselves, be obsolete.

Article Topics

biometric authentication  |  biometrics  |  FIDO Alliance  |  Google  |  passkeys  |  passwordless authentication