Google gets rid of passwords in major new update
Users can now sign into their accounts with ‘passkeys’ instead
Your support helps us to tell the story
From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.
At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.
The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.
Your support makes all the difference.Google will now allow people to move on from passwords, in a major and long-anticipated move.
The company will let people sign in with “passkeys” instead. They are intended as a safer alternative to passwords, letting people sign in both more easily and more securely.
Passkeys have been pushed by a range of companiesway of replacing traditional passwords. They combine a local code on a device with biometric information such as a fingerprint or facial recognition.
All of that information is kept on the device itself, so that Google will not see those facial scans or other biometric data. That not only keeps it from being scanned for advertising but also means there is less chance of it being stolen.
The new passkey technology has been embraced by all major device and platform manufacturers who are part of the “FIDO Alliance”, which has long been looking for ways to introduce new security technology.
A range of companies including Microsoft and Apple as well as Google have been attempting to do away with passwords for years. Critics argue that they are both insecure and burdensome, forcing users to work to remember long strings of letters that do not keep accounts safe anyway.
“Using passwords puts a lot of responsibility on users,” Google said in its announcement. “Choosing strong passwords and remembering them across various accounts can be hard.
“In addition, even the most savvy users are often misled into giving them up during phishing attempts.”
When a passkey is added to a Google account, the company will ask for it when a user signs in or if the company notices suspicious activity on an account. Using the biometric information and PIN code unlocks the passkey, and then lets users sign in without adding any more data.
As such, they cannot be stolen in “phishing” attacks, where users are tricked into giving their passwords to fake accounts. They also cannot be written down, lost, or accidentally given to an attacker.
Since they are also not stored on company’s servers, they are also safe from attacks on those companies. In recent years, a number of major companies have suffered data breaches that have exposed users’ passwords – and thereby given attackers access to accounts.
Passkeys are tied to specific devices, though some platforms keep them in sync: setting one up on an iPhone means that it will be available on a Mac signed into the same iCloud account, for instance. But users may have to create new passkeys on specific devices.
The passkeys are located on the device itself, so users are also urged not to set them up on any phones or computers that are not secure or are shared. Anyone with access to that same device would be able to get into those accounts.
If there is any suspicious activity on a Google account, the company advises people to revoke the passkey, which can be done in account settings.
Join our commenting forum
Join thought-provoking conversations, follow other Independent readers and see their replies
Comments