Passwords have long been the first line of security for our various accounts, but looking back over time, how secure are passwords in general?
Our passwords are a combination of pets’ names, important dates, key events, names, and so on: information that could be pieced together from our social presence.
Plus, the need to have multiple passwords for our various accounts, to avoid getting compromised in the case of a leak, has made it even more challenging to maintain passwords.
“The beginning of the end of the password” is the title of a Google blog post. For a while now, talks and efforts have been under way to phase out the era of passwords, with top companies like Google, Apple, and Microsoft at the forefront of phasing out this age-old technology and replacing it with passkeys.
In this article, we will be going over what passkeys are, how they are better, and a step-by-step guide on how to set up a passkey on your Google account.
What are Passkeys?
Passkeys are a new method of user authentication that is more secure than traditional passwords. Passkeys eliminate the use of passwords and usernames, removing the old method of authentication, which is susceptible to hacks, phishing attacks, data breaches, and other related security threats, and replacing it with a more secure means.
Unlike the widely used password method of authentication, passkeys eliminate the need to remember a password, as they are passwordless. Passkeys rely on a PIN, a pattern, or a biometric sensor such as fingerprint or facial recognition to verify your identity before you gain access to your account. Hence, to use passkeys, users must have devices that support the technology.
Despite security experts’ advice on the use of strong passwords and having unique passwords for every account a user owns, users still use weak passwords and use a single password for multiple platforms, further increasing the vulnerabilities involved with the password system.
Hence, the World Wide Web Consortium (W3C) and FIDO Alliance, an association that has been leading the way in reducing reliance on passwords, developed passkeys.
Passkeys were developed because of the security flaws that have been exploited in the existing password technology. Because of these flaws, we have seen the adoption of two-factor authentication, which is meant to serve as a second layer of security and identification before a user gains access to their account, as well as the wide adoption of password managers to help users keep track of the many passwords they have across their accounts.
How Do Passkeys Work?
Passkeys build on WebAuthn, a web-based authentication API. Web authentication uses a public and a private key, known as public-key cryptography, to ensure the user is the correct owner of an account.
With traditional passwords, anyone who has your password can log in and access your account from anywhere. A passkey uses a strict means of ensuring that you are who you say you are.
The passkey consists of two keys, the public key and the private key. Both keys are essential, as they work together in a puzzle-like manner to unlock and verify the user’s identity. The public key can be stored on any website or app that you are creating a passkey for, while the private key, as the name implies, is stored securely and accessed only from the device that was used to create the passkey.
The private key is not accessible from, or stored on, any cloud-based platform, which makes it hard to hack and makes the passkey more secure. In simple terms, suppose you want to log in to your Google account with a passkey.
Remember, your passkey consists of two keys, and Google already has your public key. Google sends an encrypted challenge to your device.
When your device gets the encrypted challenge, you will be required to unlock your phone with a PIN, a pattern, or face ID. Your device then signs the challenge with your private key and forwards the signed challenge back to Google.
Google then verifies it with its copy of the public key. If both keys match, the encrypted challenge is decrypted, and Google knows it is you. Looking closely, passkeys work similarly to 2FA, but better.
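The sign-in exchange described above, as an added example (not code from Google or from the WebAuthn specification). It is a simplified Node.js model: in WebAuthn the challenge is a random value and the site's check is a signature verification over data that includes the origin. The origins, function names and message layout are assumptions made for illustration.

```javascript
// Added example: a simplified model of a passkey sign-in, not the real WebAuthn wire format.
const { generateKeyPairSync, randomBytes, createHash, sign, verify } = require('node:crypto');

const sha256 = (data) => createHash('sha256').update(data).digest();

// Registration: the device creates the key pair; the site keeps only publicKey.
function createPasskey() {
  return generateKeyPairSync('ec', { namedCurve: 'prime256v1' }); // P-256
}

// Site: a fresh random challenge for every sign-in attempt.
function newChallenge() {
  return randomBytes(32).toString('base64url');
}

// Device: once unlocked, sign the challenge together with the origin the browser is on.
function signAssertion(privateKey, challenge, origin) {
  const clientData = Buffer.from(JSON.stringify({ type: 'webauthn.get', challenge, origin }));
  return { clientData, signature: sign('sha256', sha256(clientData), privateKey) };
}

// Site: accept only its own pending challenge, its own origin, and a valid signature.
function verifyAssertion(publicKey, expected, assertion) {
  const data = JSON.parse(assertion.clientData.toString('utf8'));
  if (data.type !== 'webauthn.get') return 'wrong-type';
  if (data.challenge !== expected.challenge) return 'challenge-mismatch';
  if (data.origin !== expected.origin) return 'origin-mismatch';
  const valid = verify('sha256', sha256(assertion.clientData), publicKey, assertion.signature);
  return valid ? 'ok' : 'bad-signature';
}

// Constructed scenario: one genuine sign-in and three responses the site must reject.
function demo() {
  const site = 'https://accounts.example';           // hypothetical site origin
  const lookalike = 'https://accounts.example.test'; // hypothetical look-alike origin
  const user = createPasskey();
  const expected = { challenge: newChallenge(), origin: site };
  const genuine = signAssertion(user.privateKey, expected.challenge, site);
  const relayed = signAssertion(user.privateKey, expected.challenge, lookalike);
  const forged = { ...relayed, clientData: genuine.clientData }; // origin rewritten after signing
  const later = { challenge: newChallenge(), origin: site };     // a different sign-in attempt
  return {
    genuine: verifyAssertion(user.publicKey, expected, genuine),
    relayed: verifyAssertion(user.publicKey, expected, relayed),
    forged: verifyAssertion(user.publicKey, expected, forged),
    replayed: verifyAssertion(user.publicKey, later, genuine),
  };
}

console.log(demo());
```

The site stores nothing secret: a response signed on another origin, altered after signing, or reused for a later challenge is rejected using the public key alone.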
Why are Passkeys Better?
Better and Stronger than Passwords
Passkeys use public-key cryptography, a more secure way to authenticate a user. They are more resistant to phishing and other forms of attack than password-based authentication. Your private key never gets shared to the cloud, ensuring only you can access your account.
Convenient
Passwords require you to always remember them, down to the caps and dots. With a passkey, you can rely on a biometric sensor to confirm your identity, which handles the sending and authenticating of your identity and finally frees you from forgetting your password.
Zero-Breach Possible
You require both the public and the private key to verify your identity, and your public key is stored publicly in the website’s cloud. Even so, in the event of a breach, the public key cannot be reverse-engineered to obtain your private key, so your account remains impenetrable.
Enhanced User Experience
Passkeys, as mentioned, eliminate the need to remember all your passwords and remove the risk of forgetting a password and losing access to your account, making authentication more user-friendly and seamless.
Setting up Passkey on Your Google Account
Google announced the implementation of Passkey during World Password Day in 2022. Currently, users can enable a passkey to replace the existing password-based authentication. In this section, we will review a step-by-step guide to activating Passkey on your existing Google account.
- Go to myaccount.google.com or click on your account image at the right-hand corner of the browser search page.
- Next, click on “Security” in the left panel.
- Go to “How you sign in to Google” and click on “Passkeys”.
- Select the “Use passkeys” or “Create a passkey” button to create your passkey. Follow the instructions to complete the setup of your device.
- You’re done!
Finally, you have Passkey activated, and you’re password-free.
Activate Passkey on Mobile (Android)
- Go to “Settings”.
- Tap on Google.
- Tap on “Manage your Google Account”.
- Go to Security.
- Scroll to Passkey and tap on it.
- Tap on Use Passkey and follow the instructions.
- You’re all set up to use Passkey.
Is the Password Dead?
At this juncture, adopting this new technology, just like any other, will require time. Hence, for the time being, we still expect passwords to be widely used by the majority, but as more companies hop on the passwordless trend and the use of passkeys, passwords might eventually be phased out.
Conclusion
Passkeys are a welcome technology: the public key is the lock, which is made publicly accessible but can only be unlocked by the person with the right key (the private key), which is kept secret. In the long run, the benefits of going passwordless with passkeys will outweigh the demerits.
With companies’ increasing adoption of passkeys as a means of authentication, more people will adopt them once they fully understand the benefits.