O Google started this week the tests for the use of passkeys at the Android and Chrome. This new technology promises to increase users’ cybersecurity by eliminating the “human factor” in creating passwords and using cellular authentication for users to access their accounts.
In May, Google, Microsoft and Apple announced a partnership to improve technology that eliminates the use of passwords for logins. The three companies promise that all their services will be supported passkeys from 2023. The tests of the Google are compatible with MacOS and Windows systems, as the authentication is done by Chrome, but it is still necessary to use an Android smartphone.
Passkeys: the traditional QR Codes and biometrics for a secure login
To some, a world without passwords may sound “futuristic”. However, the technology passkeyalso called passwordless (“no passwords” in direct translation), from Google uses already known methods to ensure a secure login: QR Code and biometrics.
Android smartphone users who want to test the passkey will need to opt-in to this type of login on supported services.
After accessing a compatible service, the first step in using the passkey is to link it to an account. Once this is done, it will be necessary to use biometrics, facial recognition or other cell phone unlocking method to authenticate access.
To log in, simply click on the account you want to log in and use the authentication method chosen earlier.
For desktops and laptops, the user will need, in addition to the Chrome browser, a smartphone — at the moment, only Android phones allow you to create a passkey for Safari and Chrome, regardless of whether it is installed on MacOS or Windows.
Sites compatible with passkey will display a QR Code for the user to receive a code on your smartphone. The reading of the QR Code will be carried out by the cell phone’s own camera — eliminating the need for Google Auth.
Goodbye to phishing?
One of the security advantages of the passwordless login method is protect users from phishing scams. This practice consists of creating a fake website for the victim to enter the password of a very important account, a classic example is internet banking.
With the login made by a passkey, the password is always updated, then the cybercriminal will not be able to rely on the passwords stored through your fake website. In addition, with more services adopting the method, password leaks would affect fewer users — a salvation for those who often use the same password for multiple accounts.
With information: Ars Techinica, GSM Arena and Google