Google announces major security feature as it moves towards ‘passwordless’ future

Google has announced it would roll out passkeys in a major security move, as it aims to move towards a “passwordless” future.

Passkeys provide a way for users to sign in to apps and websites by allowing people to use their fingerprints, a face scan or a screen lock PIN.

Google says passkeys are an “easier and more secure alternative” to passwords, and began to roll out the new feature across Google accounts on all major platforms on Thursday ahead of World Password Day on May 4.

Watch the latest News on Channel 7 or stream for free on 7plus >>

“For some time we and others in the industry have been working on a simpler and safer alternative to passwords,” the company said in a recent announcement.

“While passwords will be with us for some time to come, they are often frustrating to remember and put you at risk if they end up in the wrong hands.”

The feature will be an additional option that people can use to sign in, along with passwords and the two-step verification process.

“Passkeys are a new way to sign in to apps and websites,” Google said in its announcement.

“They’re both easier to use and more secure than passwords, so users no longer need to rely on the names of Pets, birthdays or the infamous ‘password123’.

“Instead, passkeys let users sign in to apps and sites the same way they unlock their devices: with a fingerprint, a face scan or a screen lock PIN.

“And, unlike passwords, passkeys are resistant to online attacks like phishing, making them more secure than things like SMS one-time codes.”

Passkeys use a cryptographic private key to work, which is stored on the device. When a passkey is created, the corresponding public key is uploaded to Google.

“When you sign in, we ask your device to sign a unique challenge with the private key,” the company explained in a separate blog post.

“Your device only does so if you approve this, which requires unlocking the device.

“We then verify the signature with your public key.”

The tech giant has also provided a support document instructing users how to create and sign in with a passkey.

However, the feature does come with limitations.

Passkeys will only work if a computer or mobile device has browsers such as Chrome, Safari or Edge.

Devices such as laptops and desktops must also have at least Windows 10 or macOS Ventura, while mobile devices require at least iOS 16 and Android 9.

In the last year, the company began sharing updates on bringing the passkey feature to both Chrome and Android, and various services such as Docusign, Kayak, PayPal and Shopify deployed this to their users.