These access keys use public-key cryptography, so if they’re involved in a data breach, they’re useless to bad actors without your face or fingerprint. Likewise, if your laptop or phone is stolen, your accounts won’t be accessible because you won’t be there to provide the necessary authentication.
It’s not just a Google initiative. Organizations such as the FIDO Alliance and the W3C Web Authentication Group are also working towards a passwordless future, so you’ll be able to use these systems on any device, whether it’s made by Google, Apple, Microsoft or any other hardware manufacturer. .
Configuring and using access keys
The good news is that using passkeys is as easy as unlocking your phone, it’s meant to be as easy as possible. You’ll be able to choose to switch to a passkey system for your accounts, but only when the app you’re logging into and the device you’re using have been upgraded with passkey support .
Say Google has finished rolling out passkey support on Android, you sign in to an app that’s been updated to use passkeys, and you say yes when prompted to switch from a standard password. You’ll then be asked to create a passkey, which will require you to perform the same action as unlocking your phone: show your face, tap your fingerprint, or enter a PIN. This creates the password and authenticates the link between the app in question and the device in your hand. Whenever you need to log into this app in the future, you will need to go through the same unlock process. As with passwords, the length of authentication varies: with your banking app, you’ll typically need to log in each time, while with a social media account, one login per device is often sufficient.
You’ll also be able to connect to sites on your computer through your phone through the magic of a QR code. The site will display a QR code that you scan with your phone. Once you complete the unlock process on your mobile device, your identity will be confirmed and you will be logged into the site.
Encrypted synchronization between devices will also be handled. Google Password Manager adds support for passkeys, for example, if you lose access to one device, you can still access your accounts from another or from the cloud, assuming you can. to provide the necessary authentication (and you haven’t changed your fingerprints or face in the meantime).