Tech giant Google is taking a significant step in their plant to do away with passwords, the company is allowing you to create passkeys for your account that are stored on the devices you use to access Google services like Gmail and YouTube.
According to the announcement from Google, “Passkeys are a more convenient and safer alternative to passwords. They work on all major platforms and browsers and allow users to sign in by unlocking their computer or mobile device with their fingerprint, face recognition, or a local PIN.”
Once you add a passkey to your account, you’ll be asked for it when you sign in or perform certain functions, like changing a password, on your account.
The passkey is stored on your computer, phone, or tablet and not somewhere in the cloud accessible to hackers. So there’s no way to write a passkey down, or no way you can share it with a crook who targets you with a phishing scam.
The passkey is just one option for signing in; not all devices support them yet. Unlike an authenticator app, that means you must have a smartphone and must use it every time you sign into any device, you create an individual passkey for each device.
However, Google says, “If you want to sign in on a new device for the first time, or temporarily use someone else’s device, you can use a passkey stored on your phone to do so. On the new device, you’d just select the option to “use a passkey from another device” and follow the prompts. This does not automatically transfer the passkey to the new device, it only uses your phone’s screen lock and proximity to approve a one-time sign-in. If the new device supports storing its own passkeys, we will ask separately if you want to create one there.”
They advise against creating a passkey on any device you share with other people since other users will be able to sign into your account.
A passkey is actually a cryptographic private key. When you make one, the corresponding key is uploaded to Google. When you go to sign in, Google asks your device to verify with a special challenge. You have to approve the action and then the device will be verified. This information can only be shared with Google websites and apps, so you should be safe from hackers.
No, I’m not ready to use “Google Passkey.” I despise Google. I don’t have a Google account, and don’t want one. I also don’t have, and probably never will have, an Android smartphone because I despise Google.
No, not ready. Sounds more complicated. I have 2 laptops — one at my home and one at a family member’s home where I often visit. On the second device I’d have to use my phone’s screen for a one-time sign-on? But, if it doesn’t support its own passkey, then?? I tried the finger-print sign on a few years ago and it didn’t work well so didn’t use that option.
I use it and love it. I always remember which finger I used so… no problem.