New Delhi: Tech giant Google has started to roll out passkey support in Chrome with the Stable M108 version, for better safety. Passkeys are a safer replacement for passwords and other perishable authentication factors, the tech giant said in a blog post on Thursday.
They are more secure as they cannot be reused, do not leak in server breaches, and protect users from phishing attacks. Passkeys are created on industry standards and can function across different operating systems (OS). They can be used with both websites and applications that support them.
To sign in with a passkey, users will be required to authenticate themselves in the same way as they unlock a device. “With the latest version of Chrome, we’re enabling passkeys on Windows 11, macOS, and Android,” the company said. “On Android, your passkeys will be securely synced through Google Password Manager or any other password manager that supports passkeys,” it added.
Users can also choose to use a passkey from their nearby smartphone on a desktop device. A securely generated code is exchanged with the website so there is nothing that could be leaked. In October, Google rolled out passkey support in its Chrome Canary, an experimental version of the tech giant’s browser.
What is Passkey
Passkeys are the next step in the evolution of password managers. Today password managers are a bit of a hack—the password text box was originally meant for a human to manually type text into, and you were expected to remember your password. Then, password managers started automating that typing and memorization, making it convenient to use longer, more secure passwords. Today, the right way to deal with a password field is to have your password manager generate a string of random, unmemorable junk characters to stick in the password field. The passkey gets rid of that legacy text box interface and instead stores a secret, passes that secret to a website, and if it matches, you’re logged in. Instead of passing a randomly generated string of text, passkeys use the “WebAuthn” standard to generate a public-private keypair, just like SSH.
If everyone can figure out the compatibility issues, passkeys offer some big advantages over passwords. While passwords can be used insecurely with short text strings shared across many sites, a passkey is always enforced to be unique in content and secure in length. If a server breach happens, the hacker isn’t getting your private key, and it’s not a security issue the way a leaked password would be. Passkeys are not perishable, and because they require your phone to be physically present (!!) some random hacker from halfway around the world can’t log in to your account anyway.
