Google gets rid of passwords in major new update
Users can now sign into their accounts with ‘passkeys’ instead
Sign up to our free weekly IndyTech newsletter delivered straight to your inbox
Sign up to our free IndyTech newsletter
Google will now allow people to move on from passwords, in a major and long-anticipated move.
The company will let people sign in with “passkeys” instead. They are intended as a safer alternative to passwords, letting people sign in both more easily and more securely.
Passkeys have been pushed by a range of companiesway of replacing traditional passwords. They combine a local code on a device with biometric information such as a fingerprint or facial recognition.
All of that information is kept on the device itself, so that Google will not see those facial scans or other biometric data. That not only keeps it from being scanned for advertising but also means there is less chance of it being stolen.
The new passkey technology has been embraced by all major device and platform manufacturers who are part of the “FIDO Alliance”, which has long been looking for ways to introduce new security technology.
A range of companies including Microsoft and Apple as well as Google have been attempting to do away with passwords for years. Critics argue that they are both insecure and burdensome, forcing users to work to remember long strings of letters that do not keep accounts safe anyway.
“Using passwords puts a lot of responsibility on users,” Google said in its announcement. “Choosing strong passwords and remembering them across various accounts can be hard.
“In addition, even the most savvy users are often misled into giving them up during phishing attempts.”
When a passkey is added to a Google account, the company will ask for it when a user signs in or if the company notices suspicious activity on an account. Using the biometric information and PIN code unlocks the passkey, and then lets users sign in without adding any more data.
As such, they cannot be stolen in “phishing” attacks, where users are tricked into giving their passwords to fake accounts. They also cannot be written down, lost, or accidentally given to an attacker.
Since they are also not stored on company’s servers, they are also safe from attacks on those companies. In recent years, a number of major companies have suffered data breaches that have exposed users’ passwords – and thereby given attackers access to accounts.
Passkeys are tied to specific devices, though some platforms keep them in sync: setting one up on an iPhone means that it will be available on a Mac signed into the same iCloud account, for instance. But users may have to create new passkeys on specific devices.
The passkeys are located on the device itself, so users are also urged not to set them up on any phones or computers that are not secure or are shared. Anyone with access to that same device would be able to get into those accounts.
If there is any suspicious activity on a Google account, the company advises people to revoke the passkey, which can be done in account settings.
Subscribe to Independent Premium to bookmark this article
Want to bookmark your favourite articles and stories to read or reference later? Start your Independent Premium subscription today.
Join our commenting forum
Join thought-provoking conversations, follow other Independent readers and see their replies