Google Announced today that access keys are now rolling out to Google account users around the world.
the news arrives almost a year to the day after Google, Apple, Microsoft and the FIDO Alliance announced a partnership to make frictionless, passwordless logins a reality across all devices, operating systems and browsers.
While multifactor authentication mechanisms and password managers offer reasonable security enhancements to traditional username/password workflows, they are not without their flaws. An authentication code sent via SMS can be intercepted, for example, while having to use additional third-party password management software is a hassle for some.
With passkeys, user authentication is essentially synced across all of your devices via the cloud using cryptographic key pairs, allowing users to sign in to websites and apps using the same biometrics or screen lock PIN that they use to unlock their devices. This makes it much more difficult for bad guys to access user accounts remotely, since physical access to the user’s device is needed.
long time to arrive
It’s worth noting that Google, like Apple and Microsoft, already supported the FIDO passwordless sign-in standard, but they had to sign in to every website or app with every device before they could use it. However, as a result of the alliance, the trio have set out to implement the standard on their respective systems, including browsers (eg Edge, Safari, and Chrome) and operating systems (Android, MacOS, and Windows). Effectively, this means that someone wanting to access their Google account on a Windows laptop can use a passkey from their iPhone.
Over the past year, the tech triumvirate have been slowly developing support for passcodes, with Apple introducing iOS support in September to allow iPhones to serve as login tools for any supporting website or app. PayPal introduced support for passcodes in iOS in October, followed by other companies like Shopify, Kayak, and Docusign.
Starting today, Google account users will also be able to use passkeys.
users can activate access keys by signing into their Google accounts, although this is completely optional – passwords and other existing multi-factor authentication tools are still very much in use.
And it appears that access keys are currently only supported for personal accounts, as Google noted that Workspace admins will have the option to enable this for their users “soon”.
—————————————————-
Source link