Saturday, November 2, 2024
Homecyber securityGoogle Announced Game-changing Passwordless Authentication "Passkeys"

Google Announced Game-changing Passwordless Authentication “Passkeys”

Published on

Malware protection

In accordance with World Password Day, Google has launched its new feature called “passkeys” which will provide a passwordless authentication for users.

As mentioned, Google has been working with the FIDO Alliance, Apple, and Microsoft to support passkeys on their platform.

After today, All major platforms which use Google accounts for sign-in will have an additional option for Passkeys alongside passwords, 2-step Verification (2SV), and other sign-in methods.

- Advertisement - SIEM as a Service

Passkeys

Passkeys are a new and exciting way of signing in to applications and websites without passwords.

It is easier and more secure than the traditional password method, which we must remember for every account. 

Passkeys are like unlocking a device with Face ID, fingerprint, or screen lock PIN.

Google claims Passkeys are immune to phishing or other online attacks and are much more secure than SMS OTP (One-Time Password) codes.

Previously, Platforms like Docusign, Kayak, PayPal, Shopify, and Yahoo Japan have already streamlined this method for their users.

It is now available to Google users who want to go Passwordless for their sign-in.

Passkeys for Google Accounts

To create passkeys on your Google account, visit the passkeys website, which will initially ask you to sign in to your Google account to set up the passkeys. 

Passkeys Supported Devices

  • Laptop or PC with Windows 10 or macOS Ventura (macOS 13)
  • iOS 16 or Android 9 supported Device
  • Hardware Security Key that supports FIDO2 Protocol

Passkeys Supported Browsers

  • Chrome 109 or higher
  • Safari 16 or higher
  • Edge 109 or higher

Along with these requirements, the device must have a Screen Lock and Bluetooth available.

Once users visit the passkeys website, they are asked to “Create a new Passkey,” which can be done by the steps provided by Google. Once the passkeys are set up for the Google account, passkeys are ready to be used for signing in to that account.

If the account has passkeys enabled during sign-in, the users are prompted with a different window.

Passkey Login Window

If the user wants to go with a password, he can click “Try another way” to go to the password page. If the user wants to use passkeys, he can click on “Continue,” which will prompt which device to use for passkey confirmation.

Passkey Prompt for Device Selection

Here, the user can choose which device to use for passkey confirmation. After selecting the option, the user is presented with a prompt based on his selection.

If the user selects the “External Security Key” option, he is presented with a Security Key prompt and “QR Code” if the user has selected the “Use a Phone or Tablet” Option.

The user can use either of the devices he has used for generating the passkey to confirm their identity.

If the user scans the QR code for a passkey from his Phone or Tablet, the device asks to confirm his identity based on the unlock method he has set up. Once the user confirms the identity on his device, the passkey logs in to the user.

Security Key Prompt
QR Prompt

Google has released this feature as a part of its future passwordless program. It is yet another step towards a new feature.

Administrators will soon have the option to enable passkeys for their end-users during sign-in for Google Workspace accounts.

“Of course, like any new beginning, the change to passkeys will take time. That’s why passwords and 2SV will still work for Google Accounts.” Google says.

Struggling to Apply The Security Patch in Your System? – 
Try All-in-One Patch Manager Plus

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

LightSpy iOS Malware Enhanced with 28 New Destructive Plugins

The LightSpy threat actor exploited publicly available vulnerabilities and jailbreak kits to compromise iOS...

ATPC Cyber Forum to Focus on Next Generation Cybersecurity and Artificial Intelligence Issues

White House National Cyber Director, CEOs, Key Financial Services Companies, Congressional and Executive Branch...

New PySilon RAT Abusing Discord Platform to Maintain Persistence

Cybersecurity experts have identified a new Remote Access Trojan (RAT) named PySilon. This Trojan...

Konni APT Hackers Attacking Organizations with New Spear-Phishing Tactics

The notorious Konni Advanced Persistent Threat (APT) group has intensified its cyber assault on...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

LightSpy iOS Malware Enhanced with 28 New Destructive Plugins

The LightSpy threat actor exploited publicly available vulnerabilities and jailbreak kits to compromise iOS...

New PySilon RAT Abusing Discord Platform to Maintain Persistence

Cybersecurity experts have identified a new Remote Access Trojan (RAT) named PySilon. This Trojan...

Konni APT Hackers Attacking Organizations with New Spear-Phishing Tactics

The notorious Konni Advanced Persistent Threat (APT) group has intensified its cyber assault on...