Google’s mission is to make your digital life easier and more secure.
Earlier this month, Google announced the release of a new PCI Security Standards Council’s standard called “PKI support. ” Having passkeys instead of passwords can help keep your data safer. They allow you to securely access your various digital accounts on a wide range of different platforms, such as Google and Twitter.
There is no physical key. Instead, a special mechanism—typically facial recognition or fingerprint recognition, or just a PIN code–is used to prove you are who you say you are for the purposes of logging in.
However, it’s not just as simple as pressing one button that would give your app instant access to Chromecast. Developers must also code in passkey support into their apps and websites before they get access to the feature. For more information on how developers can implement passkey support, please check out the Android developers blog.
We’ve seen a lot of progress towards a passwordless future in the past few years, and Microsoft is one company that has been contributing to this. They’re offering users an alternative to passwords, which weren’t really needed anymore.
How Passkey’s Work
A passkey is a unique string of characters that identify a particular user account on some online service. At its center is a cryptographic private key that gets stored on the device you’re using. This public key is then verified by the digital services you are signing into to confirm your identity.
To make sure it’s really you, you’ll need to identify yourself on your phone or computer. This usually means entering a PIN code or scanning your face or fingerprint. Some computers may still use passwords for verification, but biometric authentication is becoming more popular in the industry.
This password allows you to forget about any passwords. There’s nothing extra for you to remember, and it will feel much less complicated with a safe, personal passkey that only your phone knows and not a list of passwords.
When you share your face and fingerprint with us, our passkeys can provide the added security that others crave for. It’s easy to revoke this access when you feel it isn’t needed any longer so you’re not left vulnerable to a data breach or stolen device.
Despite what Google is doing, organizations such as the FIDO Alliance and the W3C Web Authentication Group are also working toward a passwordless future. With these systems in place, you’ll be able to use them on your devices across any manufacturer without having to enter your passwords every time.
Setting up and using passkeys
Now that you have everything in place and your device has been unlocked, all you need to do is go to Settings > Security & Passkey and simply turn on [your option: passkey system]. Once you’ve turned that on, you’ll be able to use a passkey for logging into any account or app!
One important factor that Android apps that want to use passkeys need to take into account is establishing an authentication link between the device and the app. When you tell Google you want your account set up to use passkeys, you’ll be asked what type of permission to grant an app. That involves doing the same action as unlocking your phone- showing your face, pressing down your fingerprint, or entering a PIN- or something equivalent. If a new app needs that attachment for each time you log in, it’ll be of limited use, but for social media accounts one login per device is often enough.
You’ll be able to log in to websites on your smartphone by scanning a QR code. The website will display one that you can scan with your device, and once you’ve done so, your identity will be verified and you can access the site.
Google Password Manager is great for a lot of reasons, but the best part is that your passwords are encrypted and synced securely across devices. So if you lose access to one device, you’ll still have the ability to get at your account via another device or the cloud—you just need to provide the correct authentication details.