Google Passkeys: One step closer to the end of passwords – CCM

Google is moving up a gear to put an end to passwords as quickly as possible. The digital giant is therefore starting to mandate the use of passkeys to access its services. And that's a good thing!

Don't be surprised the next time you log in to your Google account: the web giant will most likely invite you to configure access keys (passkeys) to access its services. This is a practical and reliable technology that lets you quickly establish a secure connection without having to worry about your password. Google has just announced it: after several months of testing and positive feedback from the first users, it will now prefer access keys to authenticate users of its services (Google Account, Gmail, YouTube, Drive, Play Store, etc.). If you have not yet configured an access key, the next time you try to connect, a dialog box will appear asking you to take the step.

This is easy to do: just click the "Next" button. Your smartphone (or your computer, if applicable) then asks you to authenticate with its biometric device (facial recognition such as FaceID or Windows Hello, fingerprint sensor) or your PIN code. And that's it! You'll be instantly connected to your account and no longer have to enter your password every time you log in: Google will simply ask you to use your biometric sensor again to access its galaxy of services.

This authentication method has many advantages over passwords, starting, of course, with the practical aspect. There is no need to remember or type a long and complex password: the connection is instant! But even more important: access keys offer much better protection against cybercriminals than passwords, in particular because they prevent phishing attempts.

Passkeys: apparent simplicity that hides robust technology

Setting up access keys is a breeze. But behind this apparent simplicity lies complex technology that has been years in the making, based on a proven standard known by the unwieldy name Multi-Device FIDO. When you enable access keys, your device generates, behind the scenes, two long strings of alphanumeric characters that you don't even notice. The first, called "public," is sent to service providers such as Google. The second, called "private," remains on your device and is never transmitted to the websites that ask you to identify yourself. Each time you attempt to connect, your device sends the service an authentication message produced with your private key. If it is verified by the "public" key held on the server, you are let in!
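The exchange described above, as an added example that is not from the original article or from Google's code: a simplified sign-in in Node.js (built-in crypto module) in which the device signs a server challenge with its private key and the server checks it with the stored public key. It goes one step beyond the text by including the site origin in the signed data, as the underlying WebAuthn/FIDO2 standard does, which is what lets the server reject a response obtained through a phishing page. The function names, the two origins and the JSON message layout are assumptions made for illustration, not the real wire format.

```javascript
// Added illustration: simplified passkey sign-in, not the real WebAuthn wire format.
const { generateKeyPairSync, randomBytes, sign, verify } = require('node:crypto');

// Registration: the device creates the key pair; only the public key leaves it.
function registerPasskey() {
  const { publicKey, privateKey } = generateKeyPairSync('ec', { namedCurve: 'P-256' });
  return { device: { privateKey }, server: { publicKey } };
}

// Server: a fresh random challenge per sign-in attempt makes old responses useless.
function newChallenge() {
  return randomBytes(32).toString('base64url');
}

// Device: sign the challenge together with the origin the browser is really on.
function deviceSign(device, challenge, origin) {
  const clientData = Buffer.from(JSON.stringify({ challenge, origin }));
  return { clientData, signature: sign('sha256', clientData, device.privateKey) };
}

// Server: verify the signature first, then the signed challenge and origin.
function serverVerify(server, expectedChallenge, expectedOrigin, assertion) {
  const { clientData, signature } = assertion;
  if (!verify('sha256', clientData, server.publicKey, signature)) return 'bad-signature';
  const { challenge, origin } = JSON.parse(clientData.toString('utf8'));
  if (challenge !== expectedChallenge) return 'stale-challenge';
  if (origin !== expectedOrigin) return 'wrong-origin';
  return 'ok';
}

function demo() {
  const ORIGIN = 'https://accounts.example';          // constructed service origin
  const LOOKALIKE = 'https://accounts-example.test';  // constructed phishing origin
  const { device, server } = registerPasskey();
  const challenge = newChallenge();
  const response = deviceSign(device, challenge, ORIGIN);
  return {
    genuine: serverVerify(server, challenge, ORIGIN, response),
    // A look-alike page relays the real challenge, but the signed origin gives it away.
    phished: serverVerify(server, challenge, ORIGIN, deviceSign(device, challenge, LOOKALIKE)),
    // A captured response is useless once the server has issued a new challenge.
    replayed: serverVerify(server, newChallenge(), ORIGIN, response),
    // A signature from any other key pair does not match the stored public key.
    otherKey: serverVerify(server, challenge, ORIGIN,
      deviceSign(registerPasskey().device, challenge, ORIGIN)),
  };
}

console.log(demo());
```

The private key never appears in any message, so a server breach exposes only public keys, and nothing the user can type or be tricked into revealing works as a credential.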

This asymmetric cryptography method has been known for a long time, but had not found its way into the field of online authentication until last year. Everything changed when Microsoft, Apple and Google decided in May 2022 to support the Multi-Device FIDO standard and bring this technology to their respective operating systems. Current versions of Windows, iOS, macOS and Android are now all compatible with access keys, which is accelerating their adoption. However, Google admits that the password is not dead yet! It remains mandatory when creating an account, and it can still be used, especially if you lose the devices that hold your access keys!