As part of the search giants'' attempts to usher in a passwordless future, Google has announced that passkey support will soon be available on Android and Chrome.
Even if you employ one of the finest password managers to generate strong, complex passwords for each of your online accounts, you may still be hacked. This is because many online services are equipped with two-factor authentication (2FA) to further secure your accounts.
The problem with 2FA or even multi-factor authentication (MFA) is that hackers may sabotage SMS-based man-in-the-middle attacks to steal one-time passcodes from your wireless carrier to login. This can be done by bribing someone at your wireless carrier through a process known as SIM swapping.
Google hopes to provide additional security to your internet accounts as Apple did by adding passkey support to iOS 16 and macOS Ventura.
What are passkeys and how do they work?
Passkeys are unique digital keys that are a safer and more secure alternative to traditional passwords, because they can''t be reused and are stored in an encrypted format on your devices.
If a company encounters a data disturbance, your passkeys will not be exposed. Unlike with security keys, you will not have to bring an additional gadget with you as they are securely stored on your phone or computer.
Passkeys are built on public key cryptography, where a secret private key is stored on your devices while a public key is stored on a web server. As hackers may easily access your private key, your devices and accounts are significantly difficult to hack.
Passkeys in Google Password Manager
According to a new blog post (opens in new tab) from Google, the Google Password Manager backs up and syncs passkeys on Android. If you happen to have two Android devices, the one of the best Android phones and one of the best Android tablets the passkeys created on one device are also available on the other.
Passkeys in Google Password Manager are also always end-to-end encrypted. When a passkey is backed up, its private key is backed up with a encryption key that can only be accessed from your devices. This helps protect passkeys from hackers, but it also prohibits Google from accessing them.
First, when you want to use passkeys in Google Password Manager, you will need to have a screen lock on your Android device. This is done to prevent others who may have access to your smartphone from using one of your passkeys.
When you get your signed in, you can use your saved passkeys along with your fingerprint, face, or screen lock. Similarly, you may also use passkeys on your Android device to sign into a site on Chrome with your desktop or laptop. In this scenario, you must use your phone to scan a QR code on your computer to secure the registration.
New phone, no problem
What happens when you buy a new Android device, including where your encryption keys are securely transferred when you transfer the rest of your apps and data to it?
It''s worth noting that in some cases such as when an older device is lost or damaged, you may need to recover your end-to-end encryption keys from a secure online backup according to Google. To do this, you will need to provide the lock screen PIN, password, or pattern from another device that has access to those keys. If you need to restore passkeys on a new device, you will need to be signed into your Google Account and an existing devices screen lock.
Google has made it more complicated for hackers to force your lock screen PIN or pattern. After ten incorrect attempts to use a screen lock on an existing device, it may no longer be used. However, you may still use screen locks from your other existing devices.
Moving to a passwordless future
Google''s removal from passwords is nothing new. In fact, Google, Microsoft, Apple, and other business entities are members of the FIDO Alliance and the World Wide Web Consortium (W3C), which have been working to facilitate the adoption of secure authentication standards for years.
With the introduction of passkeys on Android, Chrome, iOS, and macOS, and Microsoft intending to bring them to Windows in the near future, the password as we know it may end up.