Google hails password-less world on World Password Day

Ahead of World Password Day today (May 4), Google has announced a ‘major step towards a password less future’ with the roll out of passkeys.

Passkeys let users sign into apps and sites the same way they unlock their devices: with a fingerprint, a face scan or a screen lock PIN – meaning that users no longer have to rely on the names of pets, birthdays or the infamous “password123.”

In a blog post published yesterday, entitled ‘Beginning of the end of the password’,  the search giant claimed that passkeys were “resistant to online attacks like phishing, making them more secure than things like SMS one-time codes”.

The technology has been developed as part of the Fido (Fast Identity Online) alliance with Apple, Google and Microsoft leading the way.

Apple began using the technology in iOS16 and the latest MacOS release, while Microsoft is using it through its Authenticator app. Other firms deploying the tech include Ebay, Docusign and PayPal.

In another blog published yesterday on its security pages –  So long passwords, thanks for all the phish  – Google said this technology would prevent people using phishing, SIM-swap and other methods to obtain passwords and bypass authentication methods – because the private key and the biometrics used are never shared.

The move has been welcomed by the cyber sec community, with Eduardo Azanza CEO at Veridas maintaining passkeys and biometric verification was “the only way forward to properly secure users” as well as making the online process “fast and effortless”.

He added: “The use of face verification means that user’s digital identities can be verified in a simple, agile, and secure way. Passwords can be stolen and leaked on the dark web to commit other crimes such as fraud and identity theft.

“However, as biometrics are linked to a user’s physical identity, they’re much harder to steal. As a result, security teams can accurately identify and verify users, as well as quickly detect fraud, phishing and spoofing techniques,” he explained.

Google said that passkeys for Google account users would be available from today while for companies that use Google for work accounts, the administrators in those businesses will soon be able to enable those users to use passkeys to sign in.

Google added that it would still let people use passwords in circumstances where they do not have the passkey-enabled device available, but over time the company would pay closer attention to accounts using passwords for signs of compromise.