Google is on its way to a more secure browsing experience through its passwordless sign-in. While the feature was released earlier this year, the search engine giant has decided to make this method of logging in default for personal Google accounts.
Passkey by Default
Google is implementing passkeys as a default for Cybersecurity Awareness Month, as it is described as a more secure way of signing into personal Google accounts. With this change, users will be presented with a prompt to create and use passkeys.
The mentioned prompts will show the "Skip password when possible" option, which can also be toggled in your Google Account settings. With that said, Google says that passkeys will let you log in to your account 40% faster than manually typing your password.
With passkeys, you won't have to remember several passwords for various accounts. The feature is available for mainstream apps like YouTube, Google Search, Google Maps, Uber, and eBay. WhatsApp is already on its way to enabling the feature as well.
Google released passkeys back in early May, along with FIDO Alliance, Apple, and Microsoft. Despite that, users will still have the option to choose the traditional password method, two-step verification, or other available means to log in.
What Are Passkeys?
In case you haven't heard of or tried Google's passwordless option, passkeys will allow you to sign in to personal accounts, apps, sites, and devices using a fingerprint, a face scan, or a screen lock PIN, which are resistant to attacks like phishing.
To set up a passkey for a website or application, you must first register with the site or app. First, sign in to your account using the usual method, and then click the "create a passkey" button. After that, check the information stored with the new passkey.
Read Also: Apple, Google, Microsoft Support 'FIDO' Standard of Passwordless Sign-in on Major Platforms
Are They Safe?
Google advertises this method as being safer than standard sign-in methods and SMS authentication. Since some of the passwordless methods use biometric sensors like facial recognition and fingerprints, it's almost impossible to be hacked into.
They only work on registered websites and apps, so the user won't be tricked into authenticating on a deceptive site since the browser and operating system handle the verification process. They are public key cryptography which reduced the threat from potential data breaches.
When you create a passkey with a site or application, this generates a public-private key pair on your device. While the public key is held by the site, the attacker can't derive the user's private key from the data stored on the server, as per Google.
You won't have to worry about your biometric data or other sensitive information being sent to the server, as Google assures that this data never leaves your personal device. It can't be used to track you between sites, and different keys are used for various sites.
Through passkey managers, they are protected from unauthorized use. Google Password Manager uses end-to-end encryption to protect passkeys. The search engine giant cannot use them even though they are backed up on Google's servers.
Related: WhatsApp Users Could Soon Use Passkeys To Log Into the App
