Beyond passwords: Google Passkeys usher in new era of digital security


Summary

Last week, Google announced a new feature called Passkeys, which will allow users to log on to their Google accounts using secondary means, such as biometrics, USB keys and more.

They say no password is a good password. With Microsoft and Apple taking the step in the last few years, Google announced its plan to kill passwords online last week, with something called Passkeys. Firms call these a step towards a password-less future. Mint explains:

What has Google done?

Last week, Google announced a new feature called Passkeys, which will allow users to log on to their Google accounts using secondary means, such as biometrics, USB keys and more. Essentially, it eliminates the need to type in a password whenever you want to log on to an account. When a user logs on to a service using Google, they still need their Gmail password, and a feature like this eliminates that too. The feature is similar to Microsoft’s password-less sign-in, announced in 2021, and Apple’s iCloud Keychain log on that came with iOS 16, the company’s mobile phone software.

How do Passkeys work?

Google is allowing users to tag their Gmail password to a physical authentication device, like a USB key, or biometric authentication on their Android or iOS-powered device. Users will also be able to generate a QR Code on a desktop device, which will be scanned by their smartphone in order to log on to their accounts. Users can revoke access from a device from their Google account, and have backup devices to gain access to their account if they lose their primary authentication devices. The feature is especially useful for developers and enterprise users who have to log on to many accounts for day-to-day work.


Why is Google’s Passkeys important?

Even though Microsoft and Apple did it first, Google’s Android and Gmail are used by many more users. Enabling password-less log on for users could give a significant boost to adoption of such services. Passkeys isn’t limited to Android devices alone either. One can log on to accounts using Apple’s FaceID as a secondary layer of authentication too.

So, the future is password-less?

The idea of password-less log on is actually very old, with LastPass dating back to 2008. Although Google, Apple and Microsoft can eliminate the need to type in passwords on a daily basis, the passwords to your Gmail, Apple or Microsoft account still act as the master passwords, and stealing one of these could grant access to all your other passwords. Since Windows, Android and Apple devices are always logged on to the users’ respective accounts, these master passwords are usually entered only once, when setting up a device.

What happens if these firms are hacked?

It’s much tougher for hackers to compromise Google, Apple or Microsoft. Even if they do, passwords are usually stored on their servers in a ‘hashed’ format, so that they can’t be deciphered without an authentication key. In practice, when a biometric authentication is done, a device sends a signal to these companies’ servers with the decryption key, to verify that it is in fact the right user who is trying to log on. Users have to protect only their master password and not share it with anyone.
