Google’s New Passkey Feature will make Passwords Obsolete

The tech is still in beta, but it’s part of a larger initiative involving Apple and Microsoft.

Passwords and passcodes are difficult to remember and keep track of, especially when they’re supposed to be long and complex. This is why people use the same password again and again, and yet they manage to forget them. This makes it difficult for big tech companies to protect accounts and data from hackers. Simply put, passwords are a dreadful system for safeguarding your data and private information. This is why Apple, Google, Microsoft, and the rest of the FIDO Alliance strive to substitute them with a method called passkeys. 

Recently Google announced that it was introducing a passkey support feature to android and crome or at least to their latest beta software. Anyone enrolled in the Google play service or the Chrome canary channel can use this feature to log in to websites that support them. Later this year, Google plans to release an API to let native Android apps use them. Their next goal for 2022 is to have most of their users on stable releases.

Google’s recent decision to incorporate passkeys into its products is a giant stride toward their eventual widespread use. For example, Apple introduced support for passkeys on the iPhone with iOS 16 and will extend that same functionality to Macs later this year with macOS Ventura. Consequently, once Google adds passkeys to Android and Chrome (the two most popular mobile platforms and browsers, respectively), that would mean all four major entities endorse them- which is momentous.

Passkeys use public key cryptography to create a safer and more secure authentication protocol than passwords. While creating a new account with a passkey, your device will create two different types of keys: a public key, which will be shared with the service, and a private key, which will be stored securely locked behind your biometric data or pin.

Just like its name suggests, the public key is publicly accessible. Even if a hacker got into the website and stole the data or if it was shared on social media, there’s no way to log in to your account with just the public key. It only allows websites to verify that you have saved the private key on your device.

The system is designed so that your device handles all user verification processes. It implies that the private key will never be transmitted over the internet, making it impossible to steal or hamper the passkey. Rather a temporary single-use token will be sent that will inform the website that you have the right private key.

Passkeys are very convenient to use. Google has released details about creating a passkey or logging in to any account just by using your fingerprint, face, or screen lock code. You don’t need to worry about remembering those long passwords- they will automatically sync in the background between your device using Google Password Manager. 

As passkeys are an industry standard, you can use your phone to log in to nearby devices regardless of your operating system.