Chrome and Android have a new type of authorization. Google created the Passkeys system for authorization on sites and services without a password. This reduces the risk of password leakage to zero, since Passkeys crypto tokens are one-time, but so far only work in Android and only in the Chrome browser. Apple and Microsoft participated in the development - Passkeys may soon appear on their platforms.
The era of passwords is coming to an end
Google Corporation has implemented a new method of authorization in various services, allowing you to forget about passwords forever. In her blog, she announced the introduction of innovations in the Android mobile OS, as well as in her Chrome browser.
The new Google project is called Passkeys. The internet giant is touting it directly as the new authentication standard and really touting it as a replacement for passwords.
According to the developers, Passkeys or "password keys" are many times safer than regular passwords due to the fact that they are one-time. This immediately deprives attackers of getting such valuable information through phishing, social engineering, or classic brute force.
Google assures that Passkeys can not only be reused, but also intercepted as you type.
Principle of operation
Passkeys are unique (because one-time) cryptographic tokens generated directly on the device. They are then passed to websites for authorization instead of passwords.
For the user, this means that he no longer has to keep passwords from dozens of services in his head, store them in password managers and constantly worry that hackers can get to these managers. This has happened more than once in recent years - cloud-based password storage services have clearly demonstrated their unreliability to the whole world.
You can only use Passkeys if you have physical access to your smartphone, which further reduces the likelihood of gaining access to your account. There is an additional degree of protection - before sending the password to the site, Android will ask you to enter the device unlock code or touch the fingerprint scanner.
Access is still limited
For password substitutes to work, site and service owners need to enable the WebAuthn API for Chrome. If this is not done, the Passkeys system will not work. In this case, the user will be able to log in according to the old scheme - using his password.
At the time of the publication of the material, not all Android users could evaluate the work of Passkeys. The function works exclusively in the mobile version of the Chrome browser, and also in the Canary build for beta testers. You will also need to upgrade to a beta version of Google Play Services.
Assembled team
When Google plans to make Passkeys more widely available is unknown. However, she worked on this technology with the possible participation of the FIDO alliance, as well as Apple and Microsoft corporations, which increases the likelihood of its appearance in their browsers and operating systems.
The fact that both Apple and Google will also introduce Passkeys in the very near future is indicated by another important fact. World Password Day is celebrated on May 5 every year. On this day in 2022, all three corporations announced that they would soon eliminate passwords in their services.
As CNews reported, they were talking about a single authorization standard that would allow a user to be identified using face or fingerprint recognition, or using a PIN code. All this exactly matches the description of Passkeys.
It should be noted that Google has been trying to make passwords a thing of the past since at least 2016. To date, only Passkeys is the most significant step in this direction. However, it may take years for the technology to be widely adopted.
What's wrong with passwords
A password is a classic way to protect against unauthorized access to information. Users who use different complex passwords for different resources, as well as store them in offline managers and do not follow dubious links, rarely experience their accounts being hacked.
But you should never forget that the owners of services where the user has a profile can also leak. For example, in the summer of 2021, a file with 8.2 billion passwords was freely available on the Internet. This is more than the entire population of the Earth and almost twice the total number of Internet users, which made this leak the largest in history.
Also in September 2022, CNews wrote that Google and Microsoft themselves have been stealing user passwords for years, without much hiding.
No comments