Google has started rolling out Passkey support for Android and Chrome, following the path marked by last May’s agreement with Apple and Microsoft replace the use of passwords in the consumer world of devices, web services and apps.
Passkeys are an authentication system that has been used by Linux system engineers (but not only) for years and is used in place of passwords. The difficulty in introducing them to the consumer world stemmed from the lack of full common software support and devices capable of protecting keys with advanced biometric systems. These two requirements are now also met thanks to the common standard created by the FIDO Alliance and the interoperability agreement between Apple, Google and Microsoft.
The password becomes the device
In the broadest sense of the word, the passkey is not “copyable” because, unlike the password, it is not a simple string of characters that can be lost or stolen and then reused, but rather a public key (a very long string of characters) stored in the domain where the user’s account resides and a private key that resides on the user’s device.
The public key is generated from the private key and can only grant access if recognized; therefore its openness does not limit the security of the authentication system. The private passkeys are then synchronized between the user’s devices using cloud environments, in the case of Apple iCloud Keychain and Google through the password manager.
It is important to specify that these cloud services are only used as a “bridge” for key synchronization. not on them like passwords currently dootherwise the benefit of using master keys would be lost.
In addition, the interoperability between Apple, Google and Microsoft systems is determined by the independence of the passpartout from the usage platform. For example, a person who opens a website from their Windows work PC can access it without a password, even if that account’s private key is stored on their iPad or iCloud account. In this case, reading a QR code with a device holding this key is exploited to gain access.
We wrote an in-depth article on how passkeys work.
Here’s how the passwordless access that will revolutionize security works: Stop account theft or phishing
Go to the deepening
Creating and using Google Passkeys will be super easy
As for Google, with the announcement of Passkey support, users can create and use passkeys on Android devices that sync securely via Google’s password manager.
Developers can already build passkey support on their websites for end users using Chrome via WebAuthn API, Android and other platforms.
To do this, they need to switch out of the Google Play Services beta and use Chrome Canary, the version of the browser for developers (and not only) that uses new features. The actual use of the Passkey system is planned for next year.
Google has also explained in a simple way how to create passkeys and access a website or service that implements them. It only takes two steps for the end user to create a passkey, namely verifying the passkey account information and presenting the fingerprint, face or screen lock code when prompted.
Signing in is just as easy, with the user selecting the account they want to sign in to and presenting their fingerprint, face for recognition, or screen lock code when the system requests it.
#Google #closer #goodbye #passwords #Visit #Passkey #support #Android #Chrome