Google is moving one step closer to ditching passwords, rolling out its passkey technology to Google accounts from Thursday.
The passkey is designed to replace passwords entirely by allowing authentication with fingerprint ID, facial ID or pin on the phone or device you use for authentication.
Apple has begun using the technology in iOS16 and the latest MacOS release, and Microsoft has been using it through the Authenticator app.
Users can create a passkey for each device they use, or the operating system or app used to manage the passkeys can be shared between the devices.
A cryptographic private key is stored on the device, and there is a corresponding public key uploaded to Google.
When a user signs in, the device must solve a unique challenge using the private key to generate a signature. The signature is then verified using the public key to allow a person to access their account.
All Google sees out of the transaction is the signature generated, and the public key.
Google has said this will prevent people using phishing, SIM-swap and other methods to obtain passwords and bypass authentication methods – because the private key and the biometrics used are never shared.
Google said the rolling out of the passkey technology – to mark World Password Day – signified “the beginning of the end” for passwords for Google accounts.
The technology is still in early stages, and it will be a while before there is mass adoption across apps and websites.
Google will still let people use passwords in circumstances where they do not have the passkey-enabled device available, but over time the company said it would pay closer attention to accounts using passwords for signs of compromise.
Each passkey is unique to each service a person uses,
Read more on theguardian.com