The way we sign in to apps and websites is changing. Passwords, the longstanding method of authentication, are being replaced by a simpler and safer alternative: passkeys. Google, alongside FIDO Alliance, Apple, and Microsoft, has announced the roll-out of support for passkeys across Google Accounts on all major platforms. This move aims to streamline the sign-in experience while offering a more secure way to authenticate users. In this article, we will explore what passkeys are, how they differ from passwords, and what the implications of this change are for users and businesses.
The Problem with Passwords
Passwords are not new, and they have been the go-to method of authentication for decades. However, passwords have their weaknesses, and they are becoming increasingly problematic as online security threats become more advanced. Passwords are often the weakest link in online security, as they can be guessed, stolen, or phished. Additionally, many people reuse the same passwords across multiple accounts, making it easier for hackers to gain access to multiple accounts with one stolen password.
What are Passkeys?
Passkeys offer a new way to sign in to apps and websites that is both easier and more secure than passwords. Passkeys allow users to sign in to apps and sites using the same method they use to unlock their devices: fingerprint, face scan, or screen lock PIN. This method eliminates the need to remember a password, making it simpler for users to sign in. Additionally, passkeys are more resistant to online attacks like phishing, making them a more secure alternative to SMS one-time codes.
How Passkeys Work
Passkeys work differently than passwords. Instead of relying on a secret code that is stored on a server, passkeys rely on a public and private key pair. When a user signs in using a passkey, the device sends a public key to the server. The server sends a challenge back to the device, which is signed with the private key. The device sends the signed challenge back to the server, which verifies the signature and grants access if the signature is valid.
Passkeys for Google Accounts
Google has announced that passkeys for Google Accounts are now available. Users can try them out at g.co/passkeys, and setting them up is easy. For Google Workspace accounts, administrators will soon have the option to enable passkeys for their end-users during sign-in. Google is also working with developers to bring passkey experiences to both Chrome and Android, with several services like Docusign, Kayak, PayPal, Shopify, and Yahoo! Japan already deploying the feature.
The Future of Authentication
While passkeys are not going to replace passwords overnight, they are a step in the right direction towards a more secure and simpler way to sign in to apps and websites. Passwords will still be around for some time, but passkeys offer a compelling alternative that is more resistant to online attacks and easier to use. As more services adopt passkeys, users will benefit from a more seamless and secure sign-in experience.
Implications for Businesses
For businesses, passkeys offer a more secure and simpler authentication method that can help protect against online attacks. Businesses can also benefit from the streamlined sign-in experience that passkeys offer, reducing friction for users and improving the overall user experience. However, passkeys will take time to be widely adopted, and businesses will need to continue to support passwords and 2-step verification for the foreseeable future.
Bình luận