Windows

Google's passkey move: end of passwords?

Google seeks to make our future more hassle-free by removing the need for passwords and replacing them with passkeys. Let's see what is it all about.
J
  • Jim Richards,
  • last year
  • Editor Informer Technologies, Inc.

Google's passkey move: end of passwords? Google's passkey move: end of passwords?

On May 3, 2023 Google published a post titled “The beginning of the end of the password” to its blog. This was the announcement of passkeys becoming the real thing, a feature that the company began to roll out back then, claiming to be making “a major step toward a passwordless future.” Fast forward to October 10, 2023, when Google published another post on the subject, “Passwordless by default: Make the switch to passkeys.” As the title implies, it is both an announcement and an encouragement. The passkeys are here, they are the default authentication vehicle now, so a switch to them is prudent. Or, is it? Let’s dig a bit deeper into the matter and see what’s what.

What are passkeys?

Google Passkey promising paswordless future. Image from GoogleGoogle Passkey promising paswordless future. Image from Google

Try googling this question, and one of the first results suggested by the search engine will be a Wikipedia page. There, things are made less simple than they are. From a user’s perspective, a passkey is a digital code (credential) that simplifies access to a growing range of services, with Google, Apple, and Microsoft spearheading the initiative.

“Simplifies” here means that you don’t have to remember the combination of symbols that lets you into a restricted digital space, like your Google account. Instead, you unlock the device, using a PIN, or your fingerprint, or your face scan, and that’s it, you’re in. You might argue that password management software takes all the fuss out of the flow, but that’s beside the point here. Plus, passkeys do have some other advantages beyond streamlining the processes.

Advantages of passkeys

As mentioned above, using a passkey requires an unlocking routine, i.e., the device you plan to log in to your, say, Google account on, should have a fingerprint/face scanner or be lockable and request a PIN code.

This approach, as explained by all those supporting the initiative, virtually eliminates the risk of phishing and data leaks: the concept implies that only you can unlock the device that lets you in somewhere valuable, and what you use for the purpose simply cannot be shared nor stolen. For now, at least.

Vulnerabilities of passkeys

If you’ve already tried using passkeys on your phone, for example, you may have noticed that if a fingerprint or face scan fails, the device asks for the unlocking code/pattern. This is, regardless of what the experts are saying about passkeys being utterly secure, a vulnerability: an evildoer may not have your physical credentials, but obtaining that code/pattern is more realistic than you think.

Another concern about passkeys that can be found online is that of cookies. When logging in through a browser with a passkey, you create a cookie, which can be stolen. Yes, it’s a whole operation, but it is doable, one way or another.

Is our future passwordless?

Biometrics as primary means of unlocking. Image by storyset from FreepikBiometrics as primary means of unlocking. Image by storyset from Freepik

The two potential weaknesses described above are, of course, relevant for some extreme cases, when someone really wants access with your passkey. Otherwise, the feature – it feels like a feature on the surface, but there is a whole infrastructure underneath, – does make things more simple.

In the dedicated “Ask the Expert” piece Google published to its blog on October 10, 2023, there is a Q&A fragment of interest:

Q: “You talk about a “passwordless future” — will passkeys really replace passwords?”

A: “Yes, passkeys will replace passwords. It’s even broader than that. I’d say our vision for passkeys is to not only get rid of passwords, but also eliminate all the Band-Aids the industry has designed to make up for the fact that passwords are so vulnerable.”

That, give or take, means that passwords WILL fall into oblivion. As for the natural privacy concerns associated with biometrics playing a crucial role in the passkey play, the expert in that piece claims that devices – phones, basically, – were never designed to send such data anywhere, and everything is as local as it can be. We’ll see how that works out.

Author's other posts

Is Affinity for iPad free now? It would seem so
Article
Is Affinity for iPad free now? It would seem so
For whatever reason, Affinity graphic suite for iPad is now free. Most likely, the situation will change by the end of the month, so grab it now.
Don’t like Liquid Glass? Here are some ways to make it less… different
Article
Don’t like Liquid Glass? Here are some ways to make it less… different
Apple's Liquid Glass interface got mixed reactions. If you would rather have the old looks back, here are some tweaks.
Finally, an AI supercomputer for home use
Article
Finally, an AI supercomputer for home use
Nvidia starts selling DGX Spark, a "personal AI supercomputer" capable of running 200B-param models. The price is $3,999.
How to install Windows 11 on an unsupported PC
Article
How to install Windows 11 on an unsupported PC
The support of Windows 10 ends on October 14, 2025. If your PC is unsupported, read on to learn about ways to upgrade to Windows 11 regardless.