Thursday, June 20, 2024

Google Announced Game-changing Passwordless Authentication “Passkeys”

In accordance with World Password Day, Google has launched its new feature called “passkeys” which will provide a passwordless authentication for users.

As mentioned, Google has been working with the FIDO Alliance, Apple, and Microsoft to support passkeys on their platform.

After today, All major platforms which use Google accounts for sign-in will have an additional option for Passkeys alongside passwords, 2-step Verification (2SV), and other sign-in methods.

Passkeys

Passkeys are a new and exciting way of signing in to applications and websites without passwords.

It is easier and more secure than the traditional password method, which we must remember for every account. 

Passkeys are like unlocking a device with Face ID, fingerprint, or screen lock PIN.

Google claims Passkeys are immune to phishing or other online attacks and are much more secure than SMS OTP (One-Time Password) codes.

Previously, Platforms like Docusign, Kayak, PayPal, Shopify, and Yahoo Japan have already streamlined this method for their users.

It is now available to Google users who want to go Passwordless for their sign-in.

Passkeys for Google Accounts

To create passkeys on your Google account, visit the passkeys website, which will initially ask you to sign in to your Google account to set up the passkeys. 

Passkeys Supported Devices

  • Laptop or PC with Windows 10 or macOS Ventura (macOS 13)
  • iOS 16 or Android 9 supported Device
  • Hardware Security Key that supports FIDO2 Protocol

Passkeys Supported Browsers

  • Chrome 109 or higher
  • Safari 16 or higher
  • Edge 109 or higher

Along with these requirements, the device must have a Screen Lock and Bluetooth available.

Once users visit the passkeys website, they are asked to “Create a new Passkey,” which can be done by the steps provided by Google. Once the passkeys are set up for the Google account, passkeys are ready to be used for signing in to that account.

If the account has passkeys enabled during sign-in, the users are prompted with a different window.

Passkey Login Window

If the user wants to go with a password, he can click “Try another way” to go to the password page. If the user wants to use passkeys, he can click on “Continue,” which will prompt which device to use for passkey confirmation.

Passkey Prompt for Device Selection

Here, the user can choose which device to use for passkey confirmation. After selecting the option, the user is presented with a prompt based on his selection.

If the user selects the “External Security Key” option, he is presented with a Security Key prompt and “QR Code” if the user has selected the “Use a Phone or Tablet” Option.

The user can use either of the devices he has used for generating the passkey to confirm their identity.

If the user scans the QR code for a passkey from his Phone or Tablet, the device asks to confirm his identity based on the unlock method he has set up. Once the user confirms the identity on his device, the passkey logs in to the user.

Security Key Prompt
QR Prompt

Google has released this feature as a part of its future passwordless program. It is yet another step towards a new feature.

Administrators will soon have the option to enable passkeys for their end-users during sign-in for Google Workspace accounts.

“Of course, like any new beginning, the change to passkeys will take time. That’s why passwords and 2SV will still work for Google Accounts.” Google says.

Struggling to Apply The Security Patch in Your System? – 
Try All-in-One Patch Manager Plus

Website

Latest articles

1inch partners with Blockaid to enhance Web3 security through the 1inch Shield

1inch, a leading DeFi aggregator that provides advanced security solutions to users across the...

Hackers Exploit Progressive Web Apps to Steal Passwords

In a concerning development for cybersecurity, hackers are increasingly leveraging Progressive Web Apps (PWAs)...

INE Security: Optimizing Teams for AI and Cybersecurity

2024 is rapidly shaping up to be a defining year in generative AI. While...

Threat Actor Claims Breach of Jollibee Fast-Food Gaint

A threat actor has claimed responsibility for breaching the systems of Jollibee Foods Corporation,...

Threat Actors Claiming Breach of Accenture Employee Data

Threat actors have claimed responsibility for a significant data breach involving Accenture, one of...

Diamorphine Rootkit Exploiting Linux Systems In The Wild

Threat actors exploit Linux systems because they are prevalent in organizations that host servers,...

Amtrak Data Breach: Hackers Accessed User’s Email Address

Amtrak notified its customers regarding a significant security breach involving its Amtrak Guest Rewards...
Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Free Webinar

API Vulnerability Scanning

71% of the internet traffic comes from APIs so APIs have become soft targets for hackers.Securing APIs is a simple workflow provided you find API specific vulnerabilities and protect them.In the upcoming webinar, join Vivek Gopalan, VP of Products at Indusface as he takes you through the fundamentals of API vulnerability scanning..
Key takeaways include:

  • Scan API endpoints for OWASP API Top 10 vulnerabilities
  • Perform API penetration testing for business logic vulnerabilities
  • Prioritize the most critical vulnerabilities with AcuRisQ
  • Workflow automation for this entire process

Related Articles