Thursday, March 28, 2024

Google Announced Game-changing Passwordless Authentication “Passkeys”

In accordance with World Password Day, Google has launched its new feature called “passkeys” which will provide a passwordless authentication for users.

As mentioned, Google has been working with the FIDO Alliance, Apple, and Microsoft to support passkeys on their platform.

After today, All major platforms which use Google accounts for sign-in will have an additional option for Passkeys alongside passwords, 2-step Verification (2SV), and other sign-in methods.

Passkeys

Passkeys are a new and exciting way of signing in to applications and websites without passwords.

It is easier and more secure than the traditional password method, which we must remember for every account. 

Passkeys are like unlocking a device with Face ID, fingerprint, or screen lock PIN.

Google claims Passkeys are immune to phishing or other online attacks and are much more secure than SMS OTP (One-Time Password) codes.

Previously, Platforms like Docusign, Kayak, PayPal, Shopify, and Yahoo Japan have already streamlined this method for their users.

It is now available to Google users who want to go Passwordless for their sign-in.

Passkeys for Google Accounts

To create passkeys on your Google account, visit the passkeys website, which will initially ask you to sign in to your Google account to set up the passkeys. 

Passkeys Supported Devices

  • Laptop or PC with Windows 10 or macOS Ventura (macOS 13)
  • iOS 16 or Android 9 supported Device
  • Hardware Security Key that supports FIDO2 Protocol

Passkeys Supported Browsers

  • Chrome 109 or higher
  • Safari 16 or higher
  • Edge 109 or higher

Along with these requirements, the device must have a Screen Lock and Bluetooth available.

Once users visit the passkeys website, they are asked to “Create a new Passkey,” which can be done by the steps provided by Google. Once the passkeys are set up for the Google account, passkeys are ready to be used for signing in to that account.

If the account has passkeys enabled during sign-in, the users are prompted with a different window.

Passkey Login Window

If the user wants to go with a password, he can click “Try another way” to go to the password page. If the user wants to use passkeys, he can click on “Continue,” which will prompt which device to use for passkey confirmation.

Passkey Prompt for Device Selection

Here, the user can choose which device to use for passkey confirmation. After selecting the option, the user is presented with a prompt based on his selection.

If the user selects the “External Security Key” option, he is presented with a Security Key prompt and “QR Code” if the user has selected the “Use a Phone or Tablet” Option.

The user can use either of the devices he has used for generating the passkey to confirm their identity.

If the user scans the QR code for a passkey from his Phone or Tablet, the device asks to confirm his identity based on the unlock method he has set up. Once the user confirms the identity on his device, the passkey logs in to the user.

Security Key Prompt
QR Prompt

Google has released this feature as a part of its future passwordless program. It is yet another step towards a new feature.

Administrators will soon have the option to enable passkeys for their end-users during sign-in for Google Workspace accounts.

“Of course, like any new beginning, the change to passkeys will take time. That’s why passwords and 2SV will still work for Google Accounts.” Google says.

Struggling to Apply The Security Patch in Your System? – 
Try All-in-One Patch Manager Plus

Website

Latest articles

2 Chrome Zero-Days Exploited at Pwn2Own 2024: Patch Now

Google has announced a crucial update to its Chrome browser, addressing several vulnerabilities, including...

The Moon Malware Hacked 6,000 ASUS Routers in 72hours to Use for Proxy

Black Lotus Labs discovered a multi-year campaign by TheMoon malware targeting vulnerable routers and...

Hackers Actively Exploiting Ray AI Framework Flaw to Hack Thousands of Servers

A critical vulnerability in Ray, an open-source AI framework that is widely utilized across...

Chinese Hackers Attacking Southeast Asian Nations With Malware Packages

Cybersecurity researchers at Unit 42 have uncovered a sophisticated cyberespionage campaign orchestrated by two...

CISA Warns of Hackers Exploiting Microsoft SharePoint Server Vulnerability

Cybersecurity and Infrastructure Security Agency (CISA) has warned about a critical vulnerability in Microsoft...

Microsoft Expands Edge Bounty Program to Include WebView2!

Microsoft announced that Microsoft Edge WebView2 eligibility and specific out-of-scope information are now included...

Beware of Free Android VPN Apps that Turn Your Device into Proxies

Cybersecurity experts have uncovered a cluster of Android VPN applications that covertly transform user...
Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Mitigating Vulnerability Types & 0-day Threats

Mitigating Vulnerability & 0-day Threats

Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities.

  • The problem of vulnerability fatigue today
  • Difference between CVSS-specific vulnerability vs risk-based vulnerability
  • Evaluating vulnerabilities based on the business impact/risk
  • Automation to reduce alert fatigue and enhance security posture significantly

Related Articles