Google Adopts Passkeys as Default Sign-in Method for All Users
2023-10-10 20:50:0 Author: thehackernews.com(查看原文) 阅读量:8 收藏

Password Security / Technology

Google Passkeys

Google on Tuesday announced the ability for all users to set up passkeys by default, five months after it rolled out support for the FIDO Alliance-backed passwordless standard for Google Accounts on all platforms.

"This means the next time you sign in to your account, you'll start seeing prompts to create and use passkeys, simplifying your future sign-ins," Google's Sriram Karra and Christiaan Brand said.

"It also means you'll see the 'skip password when possible' option toggled on in your Google Account settings."

Passkeys are a new form of authentication that entirely eliminate the need for usernames and passwords, or even provides any additional authentication factor.

Cybersecurity

In other words, it's a passwordless login mechanism that leverages public-key cryptography to authenticate users' access to websites and apps, with the private key saved securely in the device and the public key stored in the server.

Each passkey is unique and bound to a username and a specific service, meaning a user will have at least as many passkeys as they have accounts, although there can be multiple passkeys per account since passkeys function only within the confines of the same platform.

A user can, therefore, have one passkey each for a website for Android, iOS, and Windows.

Thus, when a user signs into a website or app that supports passkeys, a random challenge is created and sent to the client, which, in turn, prompts the individual to verify using their biometric or a PIN in order to sign the challenge using the private key and send it back to the server.

Cybersecurity

Authentication is considered successful if the signed response can be validated using the associated public key.

An immediate benefit to passkeys is two-fold: they not only obviate the hassle of remembering passwords, but are also phishing-resistant, thereby safeguarding accounts against potential takeover attacks.

The development comes weeks after Microsoft officially began supporting passkeys in Windows 11 for improved account security. Other widely-used platforms like eBay and Uber have enabled passkey support in recent months.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.


文章来源: https://thehackernews.com/2023/10/google-adopts-passkeys-as-default-sign.html
如有侵权请联系:admin#unsafe.sh