Proactive IT Strategy at Thriveon

Google Announces Switch to Passkeys for All Users

Written by Thriveon | 11/7/23 2:45 PM
Passwords have long been vital in online security, but they also have some vulnerabilities. Hackers can breach passwords and steal valuable data and information. Even when users implement 

multi-factor authentication and password managers, there can be issues; authentication codes can be intercepted, and password managers can be hacked.

As part of its efforts to move towards password-less authentication, Google announced on Oct. 10 that passkeys were the new default sign-in option for users across personal Google accounts.

This means that the next time a user signs into their account, they will receive a prompt asking them to create and use passkeys, simplifying future sign-ins. They will also see a “skip password when possible” option in their Google account settings if they want to opt out of using passkeys for the moment.

What Are Passkeys, and How Do You Use Them?

Passkeys are an easier, more secure way to sign into apps and websites; instead of remembering multiple passwords, passkeys are a type of credential authentication that allows users to log in without a password. Passkeys rely on cryptography to make them more secure instead of a combination of numbers, letters and special characters.

To use passkeys, you utilize a biometric sensor that is already part of your device, like for a fingerprint, a face scan or a screen lock PIN. A passkey is tied to a user account, website or application, enabling authentication to occur without login credentials or authentication factors. Users can switch to a new device and immediately use it without needing to re-enroll, which differs from traditional biometric authentication that requires setup on each device.

Passkeys are made up of two parts: one is stored on the app or website’s server, and the other is on the device used to verify your identity. The required physical access with passkeys is not human-readable, making it nearly impossible for hackers to access accounts. Plus, passkeys are unique to each website or server, so if one is compromised, the other passkeys are kept safe. Overall, passkeys are more resistant to phishing attempts, credential stuffing attacks and keylogger malware.

Do Other Companies Use Passkeys?

Many companies are pushing to reduce reliance on passwords by using passkeys instead.

In May 2022, Google teamed up with FIDO Alliance, Apple and Microsoft to announce work towards a password-less future, and Google first rolled out support for passkeys in May 2023. Since then, eBay, Uber, PayPal, Shopify and WhatsApp have enabled passkeys for users.

“Since launching earlier this year, people have used passkeys on their favorite apps,” Google said. “We’re encouraged by the results. We’re even more excited to see the growing adoption of passkeys across industry.”

Since the launch of passkeys for Google accounts, Google reported that passkeys are 40% faster than passwords and that 64% of users have found passkeys easier to use than passwords and 2FA. Google hopes to make passwords a rarity and eventually obsolete.

What to Do for Now?

If you’re not completely ready to move to passkeys yet, that’s okay – but you must ensure your accounts are protected by using strong passwords. Make sure you don’t reuse the same password, and strengthen it by combining at least 19 letters, numbers and characters. Avoid correctly spelled words and personally identifiable information. Lastly, NEVER share your passwords with anyone.

If you need additional information or assistance with keeping your accounts secure, reach out to Thriveon today.