Google has announced the rollout of ‘Passkeys,’ which it describes as “the easiest and most secure way to sign-in to apps and websites” and a major step toward a “passwordless future.”
Working Toward A Passwordless Future: FIDO & Passkeys
Passkeys come out of the work that Google has been doing with the FIDO Alliance, an open industry association formed in February 2013 to develop and promote authentication standards that “help reduce the world’s over-reliance on passwords”. ‘FIDO’ (Fast IDentity Online) sign-in credentials are built on a set of open and scalable authentication standards that aim to reduce reliance on passwords and enhance the security of online services.
Also, in May last year, Apple, Google and Microsoft announced that they were joining forces to support a common passwordless sign-in standard to allow websites and apps to offer consistent, secure, and easy sign-ins across devices and platforms. At the time, the joining of forces between the tech giants enabled users to do two things: automatically access their FIDO sign-in credentials (also known as a “passkey”) on many of their devices, even new ones, without having to re-enrol every account; and use FIDO authentication on their mobile device to sign in to an app or website on a nearby device, regardless of the OS platform or browser.
Passkeys are the latest step in the passwordless sign-in journey and offer users a way to sign in to apps and sites the same way they unlock their devices: with a fingerprint, a face scan, or a screen lock PIN. Although passwords and 2-Step Verification (2SV) will still work for Google Accounts, Google says that Passkeys are available for Google Accounts today and can be easily set up by visiting g.co/passkeys.
Passwordless sign-ins have several key advantages over traditional password-based authentication methods:
- Increased Security. Passwordless sign-ins provide better security than traditional password-based authentication methods. Passwords can be guessed, stolen, or even obtained through phishing attacks. On the other hand, fingerprint and face scan biometrics are unique to each individual and much harder to replicate. Passkeys, unlike passwords, can’t be written down or shared, and are resistant to popular online attacks like phishing or social engineering, thereby making it much more difficult for someone to impersonate the user where Passkeys are used.
- Convenience. Passwordless sign-ins can provide a more convenient and streamlined user experience. Users don’t need to remember complex passwords, and they can quickly and easily authenticate themselves using their biometric data or a simple screen lock PIN.
- Reduced friction. Passwordless sign-ins can reduce friction in the login process, which can help to increase user engagement and retention. Traditional passwords can be time-consuming and frustrating to enter, especially on mobile devices with smaller screens.
- Improved user experience. Users don’t need to worry about forgetting their password or resetting it, which can lead to a smoother and more enjoyable user experience overall.
- Lower support costs for Google. Password-related support requests can be a significant cost for organisations, particularly if users forget their passwords or need to reset them frequently. Passwordless sign-ins can help to reduce these support costs by eliminating the need for password-related support requests.
What Does This Mean For Your Business?
Big tech companies like Google face an ongoing challenge: keeping one step ahead of cybercriminals while maintaining or increasing convenience for users, and avoiding the damage caused by data breaches while staying competitive and increasing user engagement and retention. The passwordless future has been a vision for some time. The expansion of the FIDO Alliance standards, together with Apple, Google and Microsoft joining forces, has accelerated the steps taken to date and led to the introduction of Passkeys. As outlined above, there are many advantages to not relying on passwords, not least the increased security and convenience. As Google acknowledges, however, the change to Passkeys will take time, and passwords and 2SV will still work for Google Accounts. For businesses in today’s digital world, any extra security is welcome, and Passkeys have the potential to help with customer retention by making it easier to log in to apps and websites. For Google, Microsoft, and Apple, having widely used shared standards that they have developed themselves also simplifies things, will reduce costs going forward, and is another way to help them retain their powerful market positions.