What are passkeys?
In a blog post, Ali Sarraf, product manager, Google Chrome, says that passkeys are “a significantly safer replacement for passwords and other phishable authentication factors.” While passwords, according to Sarraf, have been the first line of defence in people’s digital lives, they are risky. Passwords can be hacked, are at risk of being phished, and of course there is always a chance that people will keep rather easily guessable passwords. And here’s where Google wants people to use passkeys. “They cannot be reused, don’t leak in server breaches, and protect users from phishing attacks,” says Sarraf. What’s also good about passkeys, as per Google, is that they can work across different operating systems and browser ecosystems, and can be used with both websites and apps.
How to use passkeys on Google Chrome?
With the latest Chrome update, Google rolled out passkeys for Windows 11, macOS, and Android. Google says that users can use passkeys to sign into sites and apps that support them. And currently, there are a handful of apps and sites that are offering support for passkeys.
On Android, Google says that passkeys will be securely synced through Google Password Manager. Not just that, any other password manager that supports passkeys will also sync them. On sites and apps, where passkeys are supported, users will get a prompt to use them instead of passwords.“Once you have a passkey saved on your device it can show up in autofill when you’re signing in to help you be more secure,” explains Sarraf.
If a user is using a desktop — macOS or Windows 11 — then he/she can also choose to use a passkey from a nearby mobile device and. “Since passkeys are built on industry standards, you can use either an Android or iOS device,” says Sarraf in the blog post.
A passkey doesn’t leave your mobile device when signing in like this. Only a securely generated code is exchanged with the site so, unlike a password, there’s nothing that could be leaked, he further said.
Does this mean the end of passwords?
No, this is just the initial phase of getting into replacing passwords. Google also acknowledges the same. “Passwords will continue to be part of our lives as we make this transition, so we’ll remain dedicated to making conventional sign-ins safer and easier through Google Password Manager,” adds Sarraf in the blog post. It will take time for all developers to adopt passkeys in their apps and websites.