Explained | How Google Passkeys will mitigate password leak threats

by James · December 11, 2022

Over the past decade and a half, smartphones have become highly integrated and an extension of our lives, so much so that most people won’t even leave home without it. The convenience of owning a phone is unmatched among consumer electronics. You can order food, hail taxi, file income return, exchange pleasantries (in the form of videos/voice/messages) and trade cash with a few simple taps on the touch screen.

However, for each online account, users must register with a username and password. Most of them, to make it easier to remember them, reuse the same credentials, and this has the risk of getting lost. Even if one account is compromised through phishing techniques by cybercriminals, other accounts will also be compromised and people will have to pay a lot.

Although there are dedicated apps for storing usernames and passwords, they are also vulnerable to data breaches and the loss of millions of users’ details.

To thwart such threats, major tech firms such as Google, Apple and Microsoft announced earlier this year that they are jointly working together to bring a more secure login process and even end the need for passwords altogether.

In October, Google set the ball rolling by inviting independent developers and the public to test the password feature for Android and Chrome devices.

What is Passkey?
Simply put, a Passkey is a short user ID option for a particular online account. There is also no need to remember complex alphanumeric passwords or answers to the trick question.

Users just need to go to the desired website and the phone/desktop knows the owner’s user ID and fills it in automatically for authentication (see the animation below), he/she just needs to use the security feature on the device like fingerprint or FaceID or the phone’s lock screen PIN to log on.

And on a desktop device, users can choose to use a passkey from the associated mobile device, and since passkeys are built on industry standards, you can use either an Android or iOS device. It is similar to how you can open WhatsApp on the desktop browser by scanning the QR code on the screen through the phone with a registered primary account.

Google also noted that the passwords will be securely synced through Google Password Manager or, in future versions of Android, any other password manager that supports passwords.

And it adds that the A key does not leave the mobile device when you log in like this. Only a securely generated code is exchanged with the site, so unlike a password, nothing can leak.

This is a seamless smooth process and is said to be the most secure authentication system. There will be no threat of people losing their password details even if they have an account on the site, being hacked or data breached. The cybercriminal will not be able to access the account except for the username and nothing else.

Now, the search engine giant has officially released the new update to its Chrome browser (M108 series) that brings the password feature to Android and to Windows 11 and macOS desktops.

The new Passkeys feature complies with global standards set by the World Wide Web Consortium (W3C) and the FIDO (Fast ID Online) Alliance.

And Google will continue to work with partners including Apple and Microsoft to further improve security standards, as digital security is an ever-evolving area.

Apple and Microsoft are slated to bring the Passkey-like feature to their devices in 2023. And the process will have a similar user interface across all platforms, so there’s no confusion for consumers with different branded devices.

Get the latest news on new launches, gadget reviews, apps, online security and more on personal technology only at DH Tech.