Hate passwords? Google has taken a big step towards getting rid of them

Save articles for later

Add articles to your saved list and come back to them any time.

Passwords are a step closer to being no more than an unpleasant memory, with Google announcing the introduction of “passkeys”; cryptographic tokens that live on your personal devices and let you sign in to Google services with your fingerprint, face or PIN. But while passkeys may be the future, they’re not exactly straightforward today.

Google wants to make passwords a thing of the past.Credit: Tamara Voninski

Passkeys replace the need for both passwords and two-factor authentication (like app codes or text messages), and in theory they’re safer than both. The passkey lives on your supported device (an Android phone, iOS device or PC), and communicates with the website or service you’re trying to access in order to prove you are who you say you are.

All you’ll have to do is verify your identity on the device using the measure you already use to unlock or log in. For now, you still need to have a password associated with your Google account. But a passkey makes it so you don’t necessarily need to memorise it, so you could make it something much more complex and difficult for attackers to crack. Plus, once passkeys are eventually adopted much more widely, you’ll be able to access any service seamlessly on your personal devices.

Passkeys have one additional advantage over passwords. They’re specific to particular websites, so scammer sites can’t steal a passkey from a dating site and use it to raid your bank account.

One potential danger is that any device you create a passkey on will become a skeleton key that unlocks all your stuff. For that reason, Google cautions that you should only create them on the devices that are very personal to you. But if, for example, you need to log into a website on a shared PC, you can do so by using your own phone. The first time you’ll need to scan a QR code, but from then on you’ll just get a prompt to unlock your phone to log in on the shared device.

For years, analysis of hacked password caches found that the most common password in use was “password123.”Credit: Bloomberg

If you’re keen to experience the future today, you can start using passkeys by going to g.co/passkeys and signing in (it may say you’re not allowed to do it if you’re using a work account). Click the option to “start using passkeys,” and from now on the Google Account sign-in screen will skip the passwords entirely. Android devices create passkeys automatically, but on computers or iPhones you’ll need to return to this page and create them manually.

If you’re on an Apple device, you’ll first be prompted to set up the Keychain app if you’re not already using it; it securely stores passwords and now passkeys as well. If you’re on an Android, they’ll be synced to the cloud using Google’s password manager. This way you won’t lose your passkeys if you change your phone.

The end result is that you shouldn’t need to bother with manually signing in to Google on the devices you regularly use; it will simply know it’s you and let you in. The process is a little more cumbersome the more devices you use, but as long as a passkey is on your phone and you always have it with you, you’ll be able to log in.

As a last resort, you can use your Google password. But one day, that archaic necessity may be eliminated entirely.

Get news and reviews on technology, gadgets and gaming in our Technology newsletter every Friday. Sign up here.

Most Viewed in Technology

From our partners

Source: Read Full Article