Google's passkey move: end of passwords?

On May 3, 2023, Google published a post titled “The beginning of the end of the password” on its blog. It announced that passkeys had become a real feature, one the company began rolling out at that point, claiming to be making “a major step toward a passwordless future.” Fast forward to October 10, 2023, when Google published another post on the subject, “Passwordless by default: Make the switch to passkeys.” As the title implies, it is both an announcement and an encouragement: passkeys are here, they are now the default authentication method, so switching to them is prudent. Or is it? Let’s dig a bit deeper into the matter and see what’s what.

What are passkeys?

Google Passkey promising passwordless future. Image from Google

Try googling this question, and one of the first results suggested by the search engine will be a Wikipedia page. There, things are made to look less simple than they are. From a user’s perspective, a passkey is a digital code (credential) that simplifies access to a growing range of services, with Google, Apple, and Microsoft spearheading the initiative.

“Simplifies” here means that you don’t have to remember the combination of symbols that lets you into a restricted digital space, like your Google account. Instead, you unlock the device, using a PIN, or your fingerprint, or your face scan, and that’s it, you’re in. You might argue that password management software takes all the fuss out of the flow, but that’s beside the point here. Plus, passkeys do have some other advantages beyond streamlining the processes.

Advantages of passkeys

As mentioned above, using a passkey requires an unlocking routine: the device on which you plan to log in to, say, your Google account should have a fingerprint or face scanner, or be lockable with a PIN code.

This approach, as explained by all those supporting the initiative, virtually eliminates the risk of phishing and data leaks: the concept implies that only you can unlock the device that lets you in somewhere valuable, and what you use for the purpose simply cannot be shared or stolen. For now, at least.
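The reason a passkey cannot be handed to a phishing page, shown as an added example that is not from the article or from Google: signing in is a signature over a fresh server challenge and the page's origin, made by a private key that never leaves the device. The authenticator is simulated in Node.js, the checks are a simplified subset of WebAuthn, and `RP_ID`, `ORIGIN` and the look-alike URL are constructed values.

```javascript
// Added example: relying-party checks on a passkey sign-in (simplified WebAuthn).
const nodeCrypto = require("node:crypto");

const RP_ID = "accounts.example";            // assumed site identifier
const ORIGIN = "https://accounts.example";   // assumed legitimate origin
const sha256 = (b) => nodeCrypto.createHash("sha256").update(b).digest();

// Simulated authenticator: the private key stays inside it. It signs what the
// browser reports, including the origin of the page the user is really on.
function makeAuthenticator() {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync("ec", { namedCurve: "P-256" });
  const sign = (challenge, origin, userVerified) => {
    const clientDataJSON = Buffer.from(JSON.stringify(
      { type: "webauthn.get", challenge: challenge.toString("base64url"), origin }));
    const flags = 0x01 | (userVerified ? 0x04 : 0);  // user present, user verified
    const authData = Buffer.concat([sha256(RP_ID), Buffer.from([flags]), Buffer.alloc(4)]);
    const signed = Buffer.concat([authData, sha256(clientDataJSON)]);
    return { clientDataJSON, authData, signature: nodeCrypto.sign("sha256", signed, privateKey) };
  };
  return { publicKey, sign };
}

// Server side: returns "ok" or the reason the sign-in is rejected.
function verifyAssertion(a, publicKey, expectedChallenge) {
  const c = JSON.parse(a.clientDataJSON.toString("utf8"));
  if (c.type !== "webauthn.get") return "wrong type";
  if (c.challenge !== expectedChallenge.toString("base64url")) return "challenge mismatch";
  if (c.origin !== ORIGIN) return "origin mismatch";
  if (!a.authData.subarray(0, 32).equals(sha256(RP_ID))) return "rpId mismatch";
  if ((a.authData[32] & 0x04) === 0) return "user not verified";
  const signed = Buffer.concat([a.authData, sha256(a.clientDataJSON)]);
  return nodeCrypto.verify("sha256", signed, publicKey, a.signature) ? "ok" : "bad signature";
}

function demo() {
  const auth = makeAuthenticator();
  const challenge = nodeCrypto.randomBytes(32);   // fresh per sign-in attempt
  const check = (assertion, expected = challenge) =>
    verifyAssertion(assertion, auth.publicKey, expected);
  return {
    genuine: check(auth.sign(challenge, ORIGIN, true)),
    lookalikeOrigin: check(auth.sign(challenge, "https://accounts-example.test", true)),
    staleChallenge: check(auth.sign(challenge, ORIGIN, true), nodeCrypto.randomBytes(32)),
    deviceNotUnlocked: check(auth.sign(challenge, ORIGIN, false)),
  };
}
console.log(demo());
```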

Vulnerabilities of passkeys

If you’ve already tried using passkeys on your phone, for example, you may have noticed that if a fingerprint or face scan fails, the device asks for the unlocking code/pattern. This is, regardless of what the experts are saying about passkeys being utterly secure, a vulnerability: an evildoer may not have your physical credentials, but obtaining that code/pattern is more realistic than you think.

Another concern raised online about passkeys involves cookies. When logging in through a browser with a passkey, you create a cookie, which can be stolen. Yes, it’s a whole operation, but it is doable, one way or another.

Is our future passwordless?

Biometrics as primary means of unlocking. Image by storyset from Freepik

The two potential weaknesses described above are, of course, relevant for some extreme cases, when someone really wants access with your passkey. Otherwise, the feature (it feels like a feature on the surface, but there is a whole infrastructure underneath) does make things simpler.

In the dedicated “Ask the Expert” piece Google published to its blog on October 10, 2023, there is a Q&A fragment of interest:

Q: “You talk about a “passwordless future” — will passkeys really replace passwords?”

A: “Yes, passkeys will replace passwords. It’s even broader than that. I’d say our vision for passkeys is to not only get rid of passwords, but also eliminate all the Band-Aids the industry has designed to make up for the fact that passwords are so vulnerable.”

That, give or take, means that passwords WILL fall into oblivion. As for the natural privacy concerns associated with biometrics playing a crucial role in the passkey play, the expert in that piece claims that devices (phones, basically) were never designed to send such data anywhere, and everything is as local as it can be. We’ll see how that works out.
