Google's solution is based on the open FIDO2 and W3C WebAuthn standards, and therefore compatible with a range of web browsers and devices. Essentially, users generate a cryptographic key that can then be used for sign-ins across all Google services, such as Gmail, YouTube, and Drive.
This is done through Google's Security Settings page. After clicking on the "Security" tab, users can select "Signing in to Google" and choose "Passwordless sign-in". This prompts them to set up their passkey, which can then be linked to their fingerprint or a PIN code, and which can be used to authenticate on any device that supports FIDO2 or WebAuthn standards.
While passkeys may seem like a good idea in principle, there are some concerns about how they will function in practice. For example, users may not be able to use them on all websites and applications, as not all platforms have yet implemented FIDO2 and WebAuthn standards.
Additionally, some users may be uncomfortable with the idea of storing their biometric data on Google's servers, given the company's history of data breaches and privacy scandals. Furthermore, there is a concern that Google may use this information for other purposes beyond authentication, such as targeted advertising or selling data to third-party companies.
It is also worth noting that passkeys are not foolproof. They can still be compromised if the user's device is hacked or if the passkey is intercepted by a phishing attack. Therefore, it is important for users to ensure that they keep their devices up-to-date with the latest security patches and to be vigilant when entering their passkey or PIN code.
Despite these concerns, Google's passkeys offer a more convenient and secure alternative to traditional passwords. As the technology becomes more widespread and more websites and applications adopt FIDO2 and WebAuthn standards, it is possible that passkeys may become the default method of authentication online.
Google is not the only company experimenting with passkeys. Microsoft has also been working on its own passwordless solution, which it calls "Microsoft Authenticator". This app allows users to log in to their Microsoft accounts using biometric data, such as facial recognition or a fingerprint.
However, Microsoft's solution is currently limited to Microsoft accounts and does not yet support third-party applications or websites. Google's passkeys, on the other hand, can be used to authenticate across a range of services and platforms, making them a more versatile option.
It is clear that the era of the password may soon be coming to an end. With companies like Google and Microsoft working on new, more secure authentication methods, it is likely that we will see a shift away from passwords in the coming years.
This is good news for users, who will no longer have to remember complex passwords or worry about their accounts being compromised by hackers. It is also good news for companies, who will be able to offer their customers a more secure and convenient way of logging in.
Overall, Google's passkeys are a promising development in the ongoing quest for more secure authentication methods. While there are some concerns about their effectiveness and potential privacy implications, they offer a glimpse of a passwordless future that is more secure and user-friendly than what we have today.