UPDATED 13:38 EST / MAY 03 2023

SECURITY

Google rolls out passkey support to user accounts

Google LLC will enable users to sign into its services using passkeys, a new type of login credential that is designed to be more secure than traditional passwords.

Google introduced the feature this morning. The search giant has already begun rolling out passkey support to consumer accounts and said it will bring the feature to Google Workspace “soon.”

A passkey-based login system relies on the user’s device, rather than a username and a password, to perform authentication. Google’s implementation of the technology works with both personal computers and handsets. To log into their Google accounts, users must simply unlock their devices with the lock screen password or a biometric authentication method such as a fingerprint scanner.

The technology is described as significantly more secure than passwords. Unlike a password, passkeys can’t be remotely stolen by hackers. The only way for a hacker to obtain a passkey is to gain physical access to the user’s device, which is considerably more difficult than launching a phishing campaign.

“Unlike passwords, passkeys can only exist on your devices,” Google engineers Arnar Birgisson and Diana Smetters explained in a blog post. “They cannot be written down or accidentally given to a bad actor.”

The technology is based on an encryption method called public-key cryptography. Public-key cryptography has been in use for decades and underpins a wide variety of cybersecurity systems. It powers, among other technologies, the HTTP protocol that allows browsers to securely connect to websites.

Using public-key cryptography requires two items: an encryption algorithm and a piece of data called a public key. Users input the public key into the encryption algorithm, which subsequently gains the ability to scramble files. Those files can only be decrypted with the help of a so-called private key, a series of numbers and letters that functions as a kind of password.

Google’s new login feature applies the technology to authentication. To sign into a Google account, a device must decrypt a piece of data encrypted using public-key cryptography. Decryption is only possible using the private key, which is the passkey stored on the user’s computer or handset.

The theoretical foundation of public-key cryptography is a computer science concept known as a one-way function. One-way functions are computations that are simple to perform, but highly difficult to reverse engineer. In the case of Google’s new login feature, that means guessing a user’s passkey is practically impossible for hackers.

Because of the technology’s increased security, Google says users who enable passkeys won’t have to use two-factor authentication or passwords. However, the company will continue to support the latter two login methods.

If hackers steal and unlock a device that contains a passkey, they can potentially use it to log into the user’s Google account. To address that risk, the search giant will enable users to revoke passkeys remotely via the account settings page.

Google’s new login technology also mitigates other types of risks. In theory, users can lose access to their online accounts if they misplace the device that stores the associated passkeys. To address that risk, the technology provides the ability to sync a single passkey to multiple devices or create a separate one for each machine. 

“If you create a passkey on your iPhone, that passkey will also be available on your other Apple devices if they are signed in to the same iCloud account,” Birgisson and Smetters explained. “This protects you from being locked out of your account in case you lose your devices, and makes it easier for you to upgrade from one device to another.”

Google is one of several tech giants rolling out passkey support to their services. Last May, Microsoft Corp. and Apple Inc. also announced plans to make the technology more broadly available to their respective users. A growing number of other companies are also implementing passkeys.

Image: Google

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU