How to use access keys in Google Chrome and Android
These passkeys use public key encryption, so if they’re involved in a data breach, they’re useless to bad actors without your face or fingerprint. Likewise, if your laptop or phone is stolen, you won’t be able to access your accounts because you won’t be around to provide the necessary authentication.
This is not just a Google initiative. Organizations like the FIDO Alliance and the W3C Web Authentication Group are busy working towards a passwordless future as well, so you’ll be able to use these systems across all devices, whether they’re made by Google, Apple, Microsoft, or other hardware manufacturers.
Setting up and using access keys
The good news is that using a passcode is as easy as unlocking your phone – it’s meant to be as easy as possible. You’ll be able to choose to move to a password system for your accounts, but only when the app you’re signing in and the device you’re using has been upgraded with password support.
Let’s say Google has finished rolling out passkey support to Android, you’re signing in to an app that’s been updated to use passwords, and you’ve said yes when prompted to change from a default password. You’ll then be asked to create a passkey, which will involve doing the same action you do to unlock your phone – show your face, tap your fingerprint or enter a PIN. It creates the password and authenticates the link between the app in question and the device in your hand. When you need to sign in to that app in the future, you’ll have to go through the same unlocking process. As with passwords, how long the authentication lasts will vary: with your banking app you usually have to log in every time, while with a social media account one login per device is often enough.
You’ll also be able to log into websites on your computer through your phone through the magic of a QR code. The site will display a QR code that you scan with your phone – once you’ve gone through the unlock process on your mobile device, your identity will be verified and you’ll be logged into the site.
Encrypted cross-device sync will also be handled – Google Password Manager adds support for passwords, for example, so should you lose access to one device, you can still access your accounts from another or from the cloud, provided you can to provide the necessary authentication (and you have not changed your fingerprint or face in the meantime).