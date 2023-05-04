Google also plans to promote passkeys and nudge account holders in the coming months to convert their traditional username and password login to a passkey.

Ahead of World Password Day, Google on Wednesday announced that it will be introducing Passkeys, a technology touted to replace the traditional password system. Passkeys are said to be a secure and user-friendly alternative for accessing accounts which will transform the user's login across Google services.

Google’s announcement comes a day before World Password Day, which is celebrated on the first Thursday of May every year. The day initiated by Intel Security in 2013 is being celebrated since then every year across the world by cybersecurity professionals.

The passkey feature has been launched for Google’s billions of accounts across Chrome and Android, and users will be able to proactively seek it out and turn it on.

Google also plans to promote passkeys and nudge account holders in the coming months to convert their traditional username and password login to a passkey.

The company says it sees passkey eventually replacing other methods of online identification, but for now, existing methods, including passwords and 2FA, remain available to all users.

Google also acknowledged that the transition to passkeys will take time, and it will remain committed to making signing in easier and safer for everyone.

What are Passkeys and how do they work?

With passkeys, users can sign into apps and websites using their device's biometrics, including the fingerprint lock, face scan, or screen lock PIN.

Passkeys work by generating a unique pair of cryptographic keys one of which is private as is stored in the user's device and the other one is public as it is uploaded to Google’s servers.

The private key stays on your device for security, while the public key is uploaded to Google's servers.

When the account holder uses a passkey to sign in, Google will ask your device to sign a unique "challenge" with your private key, which will happen when the account holder approves it by unlocking the device using fingerprint, face scan or PIN.

After this, the public key is then used by Google to verify the signature and the user is logged in.

What is the purpose of Passkeys?

Google claims passkeys are safer than typical password/2FA combinations as they protect users from fraud and attackers.

Password-based authentication systems have had serious security issues for ages as attackers can steal passwords or trick users into giving it to them in phishing attacks.

The passkey system specifically prevents phishing attacks by relying on the cryptographic keys of the device for account authentication.