Other Technology | May 10, 2023
It’s been some time since both Google and other companies declared war on passwords. They have already expressed disdain towards them, stating that they are outdated systems that store too much information for how fragile they are. In Spain and around the world, Google is already acting against this way of protecting accounts by announcing the use of access keys to avoid the use of passwords.
As Google announced in its blog, it is now possible to use these access keys or passkeys to not have to use outdated passwords in our Google accounts. This new solution of cryptographic keys requires a device in which the account is already authenticated, equipped with biometric systems. In this way, users can change their login method.
Google promises that by using these access keys, users will not only be able to get rid of their passwords but will no longer need two-step verification codes. Through this link, users can establish these keys and finally say goodbye to passwords, logging in to their Google accounts using, for example, fingerprint or facial recognition.
Remember that these keys are part of a series of initiatives driven by Google, Apple, and Microsoft to put an end to passwords. These keys replace traditional passwords as well as other login systems such as two-step verification, SMS, or a local PIN.
What happens if the user logs in using an already authenticated device? The next time they log into their Google account, instead of a password, they will have to use their fingerprint, facial recognition system, or screen lock system to verify that it is indeed them who is logging in.
It should be clarified that this biometric data is not shared with Google or third parties, which means that passkeys are inherently more secure than passwords. By replacing passwords, this information cannot be stolen in a phishing attack, giving the user an extra layer of security for their account.
Once this option is activated, the next time the user tries to log in, Google will require the passkey. It will also be required in case of potentially suspicious activity that requires additional verification. In addition, these keys are stored on compatible hardware and require a minimum of Android 9 or iPhones with iOS 16. In fact, these keys can be shared with other devices through password management services or cloud services such as iCloud.
One of the most interesting options of this change is the one that allows users to use another person’s device to temporarily access their account. For example, if the phone with the account is not available, there is an option to use a key from another device, creating a unique login with an access key that is not stored or transferred to the new hardware. However, Google asks users not to create keys on shared devices.
Naturally, users can immediately revoke these keys completely if they suspect that the Google account settings are compromised. Or if, on the contrary, the only device on which the access key has been stored is lost. That is, users will not depend entirely on these devices to log in.
It will take some time until compatibility with access keys is complete, so Google accounts will continue to accept passwords and other login systems, giving users who do not have biometric authentication devices a respite. As Google explains on its blog, as these keys become more popular, other login systems will be examined, opening the door to eliminating support for traditional passwords.
