Passwords, no matter how strong they are, there is always a chance for someone to crack it.
And not just that, because creating a strong password, and remembering it at the same time, can be a choir. Not everyone can do it, let alone being forced to do it. This is why biometric authentication exists.
And this is also why tech companies experiment on two-factor authentication, including FIDO.
Google is the tech giant of the web, and this time, it announced one major effort to finally bring the long-sought passwordless future to reality.
And that is by officially launching an option to totally replace passwords on personal Google Account users with the password replacement known as 'Passkey'.
The feature launches to all of the company's billions of registered accounts, where users should be able to proactively seek it out and turn it on.
Dubbing it "the easiest and most secure way to sign in to apps and websites and a major step toward a passwordless future," Google said that it plans to promote this passkey feature, and start nudging account holders to convert their traditional username and password login to a passkey.
For all this time, password-based authentication has been standard across the internet.
It has been that way for decades.
But since the internet is a public space, and that computers are getting better in cracking passwords, password-based authentication has serious security issues that cannot be thwarted.
Not only that, "shoulder surfing" where bad actors steal login information by peeking, to social-engineering attacks, to AI-based manipulation and more, hackers have tons of resources at their disposal to extract sensitive information from legitimate users.
And Passkey here is specifically designed to address phishing attacks by relying on a different model that uses cryptographic keys stored on your devices for account authentication.
In the year since the industry association known as the FIDO Alliance began publicly promoting the rollout of passkeys, the makers of the world's biggest consumer operating systems—Microsoft, Google, and Apple—have launched the necessary infrastructure to support Passkeys.
It took years to properly implement, because during the long span of time, people couldn't really ditch password for anything.
There is no easy, and safe way to replace password.
But this time, Google is boldly announcing its total support for Passkey, in a next step towards the technology's adoption as a login option for user accounts.
Companies like PayPal, Shopify, Kayak, DocuSign, Yahoo! Japan, and more have started using Passkeys as passwordless authentication.
But the launch of Passkeys for Google’s users is noteworthy given the company's resources, sheer scale, and massive influence throughout the digital ecosystem.
Read: How AI Can Easily Crack Passwords, And What People Should Do To Remain 'Safe'
According to Andrew Shikiar, executive director of the FIDO Alliance:
"It's an inflection point. A company like Google enabling this with so many people actually seeing passkey sign-ins, they’ll be more likely to use them elsewhere. And it will also accelerate other companies’ deployment plans and help them deploy better, because we will learn from this as a body."
Passkeys allow users to login into their Google Account using biometric sensors like fingerprint or face scanners that are already available on their smartphone or tablet.
They can also do this via their phone's lock PIN, or physical authentication dongles like YubiKeys.
To transition to this authentication method, Google Account users should first login into their account, and create a passkey to register the device they want to use with their account.
According to Christiaan Brand, an identity and security product manager at Google and co-chair of the FIDO2 technical working group:
"If we can change the way that signing in works for your Google account, we hope that consumers will start to get more accustomed to the technology, and also signal to industry that we’re not just talking about this stuff—it is ready for prime-time adoption."
Read: Apple, Google, And Microsoft Commit On Creating Implementing Passwordless Sign-In On Their Platforms
To make it easier for users, Passkeys can sync between users' devices through end-to-end encrypted services like Google Password Manager and Apple's iCloud Keychain.
This is the only way to make it ubiquitous.
"What doesn’t help is when a vendor or developer only rolls out passkey for iOS or only rolls it out for Android. That’s not how passwords work; passwords are ubiquitous," Brand said. "So for us, it was important to cover as wide a range of devices as possible on launch day, no carve-outs."
Users can even set up Passkeys on multiple devices by generating a QR code on a device that's logged in to their Google Account that will point to the other device where they want to log in.
And for convenience, all of users' Passkeys are listed on the “Passkey Management Page,” where users can review and revoke them.
Users can even store a Passkey for their account on the device of someone they trust as a recovery option.
Google's announcement is made on the eve of the 2023 World Password Day.
"Eventually, it's going to be like World Horse and Buggy Day, I think," Shikiar said. "For the time being, it’s a good reminder of the challenge we have to get rid of passwords."