Google said that users can now generate passkeys, a digital credential attached to a user account and a website or app.
Personal Google accounts on all major platforms will get passkeys. Google will no longer require passwords or 2-Step Verification (2SV) when signing in with passkeys starting May 3.
Google, Apple, Microsoft, and other FIDO Alliance members promote passkeys.
Why do passkeys beat passwords?
Passkeys are easier and safer than passwords and 2-step verification. Passkey-registered devices can use this authentication mechanism.
They allow users to sign in by unlocking their computer or mobile device with a fingerprint, face recognition, or PIN on all major platforms and browsers.
Passwords are difficult. First, choosing and remembering secure passwords across accounts might be difficult. With cybercrime rising, users are often duped into disclosing passwords that result in financial losses.
2-step verification “again puts strain on the user with additional, unwanted friction and still doesn’t fully protect against phishing attacks and targeted attacks like ‘SIM swaps’ for SMS verification.” Passkeys fix everything.
Passkeys are device-specific, unlike passwords. They cannot be written down or accidentally given to bad actors. Google claimed in a blog post that using a passkey to check in to your Google Account indicates you can unlock your device.
What must users do?
Users can disable the Skip password when possible under Google Account security at any moment.