Google Revolutionizes User Security with Passkeys as Default Sign-in Method
Google has made a significant stride in user security by making passkeys the default sign-in method for all its users. This move comes five months after the company initially rolled out support, across all platforms, for the passwordless standard advocated by the FIDO Alliance in Google Accounts.
What this means is that the next time users log into their Google accounts, they will encounter prompts to set up and utilize passkeys as the primary method of authentication, simplifying the process of future sign-ins. Moreover, users will notice the 'skip password when possible' option automatically activated in their Google Account settings.
Passkeys represent a groundbreaking form of authentication that does away with the need for usernames and passwords or any additional authentication factors. Essentially, they are a passwordless login mechanism that leverages public-key cryptography to validate users' access to websites and applications. The private key is securely stored on the user's device, while the corresponding public key resides on the server.
When a user signs into a website or app that supports passkeys, the server generates a random challenge and sends it to the client. The user is then prompted to verify their identity using biometric data or a PIN; the device then signs the challenge with the private key and sends the signed response back to the server. Authentication succeeds if the server can validate the signed response using the associated public key.
The introduction of passkeys carries two significant advantages. First, it eliminates the hassle of remembering passwords, which is a welcome relief for many users. Second, and perhaps even more importantly, passkeys are highly resistant to phishing attacks, which significantly bolsters account security.
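The sign-in exchange and the phishing resistance described above, as an added Node.js example that is not from the original article or from Google. It is a simplified model, not the WebAuthn wire format: the signed data also carries the origin the browser saw, which is how the real protocol ties a response to one site. The origin strings and all function and class names are constructed for illustration.

```javascript
// Added illustration: simplified model of the passkey challenge-response.
// Not the WebAuthn wire format; all names and origins here are constructed.
const { generateKeyPairSync, randomBytes, sign, verify } = require('node:crypto');

const EXPECTED_ORIGIN = 'https://accounts.example'; // constructed relying-party origin

// Registration: the private key stays on the device, the server keeps the public key.
function createPasskey() {
  return generateKeyPairSync('ec', { namedCurve: 'P-256' });
}

class Server {
  constructor(publicKey) {
    this.publicKey = publicKey;
    this.pending = new Set(); // challenges issued but not yet redeemed
  }
  issueChallenge() {
    const challenge = randomBytes(32).toString('hex');
    this.pending.add(challenge);
    return challenge;
  }
  verifyLogin({ clientData, signature }) {
    let parsed;
    try { parsed = JSON.parse(clientData); } catch { return false; }
    // Single use: delete() returns false for unknown or already-used challenges.
    if (!parsed || !this.pending.delete(parsed.challenge)) return false;
    // A response produced on any other site carries that site's origin.
    if (parsed.origin !== EXPECTED_ORIGIN) return false;
    return verify('sha256', Buffer.from(clientData), this.publicKey, signature);
  }
}

// Client side: the browser supplies the origin; the device signs once the user
// has unlocked it (the biometric or PIN check itself is out of scope here).
function signChallenge(privateKey, challenge, origin) {
  const clientData = JSON.stringify({ challenge, origin });
  return { clientData, signature: sign('sha256', Buffer.from(clientData), privateKey) };
}

function demo() {
  const device = createPasskey();
  const server = new Server(device.publicKey);
  const good = signChallenge(device.privateKey, server.issueChallenge(), EXPECTED_ORIGIN);
  const lookalike = signChallenge(device.privateKey, server.issueChallenge(), 'https://accounts-example.test');
  const stranger = signChallenge(createPasskey().privateKey, server.issueChallenge(), EXPECTED_ORIGIN);
  return { legitimate: server.verifyLogin(good), replayed: server.verifyLogin(good),
           wrongOrigin: server.verifyLogin(lookalike), wrongKey: server.verifyLogin(stranger) };
}
console.log(demo());
```

Only the first response is accepted: the replay fails because the challenge is single-use, and the look-alike origin and the unregistered key fail the origin and signature checks respectively.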
Source: https://thehackernews.com/2023/10/google-adopts-passkeys-as-default-sign.html