Google launches synched passkeys as tech giants move away from passwords

Digital technology giants are directing their efforts toward implementing passwordless authentication, with a particular focus on using passkeys, to avoid the vulnerabilities that come along with passwords.

Google has quietly introduced a new feature enabling the automatic synchronization of passkeys. This functionality facilitates the transfer of passkeys generated on Android devices to Windows and macOS platforms.

Furthermore, Oracle’s chief technology officer, Larry Ellison, has announced the company’s decision to transition away from traditional passwords for system access in favor of biometric security measures. Similarly, Samsung has developed Knox Vault, a hardware-backed security system to safeguard sensitive information such as PINs, passwords, and biometric data.

Google synchronizes passkeys across operating systems

Tech giant Google has recently taken steps to enhance the efficiency of passkeys for users who utilize multiple devices with different operating systems. With the new automatic synchronization feature, Google can generate passkeys on an Android device that can be used on Windows and MacOS devices without additional setup. The synchronization is made possible by using Google Password Manager in Chrome.

As a result, users are no longer required to scan QR codes or enable Bluetooth to transfer passkeys between their devices. The synchronization takes place in the background through the password manager. The company anticipates cross-OS compatibility will lead to more adoption of passkeys.

In terms of implementation, the private keys are not directly synchronized across devices. Instead, the system utilizes a key-wrapping service to secure these keys. The approach ensures that even if someone were to gain access to the data being transferred, they would not be able to recover the original passkey secrets.

Moreover, the client device must sign requests using a hardware-backed key to access the key-wrapping services. In the case of the Windows operating system, this key would be a Trusted Platform Module. These private keys are temporarily held in memory to reduce the risk of exposure to hackers.

Google’s passkey automatic synchronization operates under AMD’s Secure Encrypted Virtualization — Secure Nested Paging (SEV-SNP) to provide security for virtual machines. This feature utilizes the Oak project framework.

Google’s new passkeys feature has limitations, as it relies on Chrome and Google Password Manager. Automatic synchronization is only available for users of these platforms.

Furthermore, passkeys must be generated on an Android device as there is currently no support for generating passkeys on Windows or macOS and then synchronizing them to other systems. Passkeys generated on Android cannot be transferred to iOS devices.

A similar feature is already present in Apple’s iCloud Keychain, enabling passkeys to synchronize across iPhones, iPads, and Macs. However, it lacks support for non-Apple platforms. The new iOS 18 may expand the capability to include Windows, bridging the gap in cross-platform compatibility, Heise Online reports.

Using passwords is a ridiculous idea, says Oracle CTO Larry Ellison

During a keynote at Oracle CloudWorld 2024, Oracle CTO Larry Ellison criticized the use of passwords as a “terrible idea” and “obsolete.”

He announced that by next year, Oracle employees will no longer use passwords for system access. Instead, the company will implement biometric security measures such as facial recognition, thumbprint recognition, and voice recognition.

This shift is motivated by the perception that passwords are insecure and easily compromised. Biometric logins are seen as a more secure and efficient alternative, as they make it difficult to impersonate someone with proper biometric authentication, including liveness detection.

Samsung introduces Knox Vault to store biometric data

Samsung has enhanced user security across its devices by implementing hardware-backed security, passkeys, and a software framework for interconnected devices.

In 2021, the company developed Knox Vault, a hardware-backed security system that integrates into Samsung devices to store PINs, passwords, and biometric information, isolating it from the main operating system.

While various smart device manufacturers focus on passwordless authentication, Samsung has introduced passkeys into its ecosystem through Knox Matrix and Samsung Wallet. The system allows users to log into applications and websites on Galaxy devices using biometric authentication.

Samsung has also created Knox Matrix, a security framework designed to secure interconnected devices. The system operates on a decentralized blockchain, enabling each connected device to monitor and ensure the security of the entire ecosystem. Knox Matrix utilizes a “multi-layered” approach to detect spam, viruses, and malware.

Article Topics

biometric authentication  |  biometrics  |  Google  |  Oracle  |  passkeys  |  passwordless authentication  |  passwords  |  Samsung Knox Vault