Earlier in the year, Google introduced passkeys, a simpler and more secure method to access your online accounts. These passkeys, stated to be 40% faster than passwords, leverage advanced cryptography, boosting their security.
In a recent blog post, Google announced that passkeys are now the primary choice for personal Google Accounts. When signing in next, users will be encouraged to generate and utilize passkeys. Additionally, the “Skip password when possible” setting will be automatically activated in their Google Account settings.
But how do Passkeys function, and is it truly safe to store your biometric data on a server?
How it work?
Google Passkeys employ a security protocol named WebAuthn to craft a distinct passkey for every website or application you access. WebAuthn is a trusted and openly accessible standard compatible with leading browsers and operating systems.
When initiating a passkey, your browser collaborates with the website or app to produce a pair of public and private keys. The public key is saved on the website or app’s server, while your device stores the private key.
During a passkey login, your browser transmits the public key to the website or app. It then validates the public key and sends a challenge back to your browser. Using your private key, your browser signs the challenge and transmits it back to the website or app.
Google words about Passkeys:
Since launching earlier this year, people have used passkeys on their favorite apps like YouTube, Search and Maps, and we’re encouraged by the results. We’re even more excited to see the growing adoption of passkeys across industry. Recently, Uber and eBay have enabled passkeys — giving people the option to ditch passwords when signing-in on their platforms — and WhatsApp compatibility will also be coming soon.
For the latest technology updates, subscribe to thetechhacker newsletter or follow us on Facebook, Instagram and Twitter.