Passwordless Google Accounts are here – you can now switch to passkey only – Ars Technica

Google is taking a huge step towards our supposed passwordless future by enabling passkey-only Google Accounts. In a blog post titled “The beginning of the end of the passwordGoogle says: “We are starting to roll out support for passkeys across Google Accounts on all major platforms. They will be an additional option that people can use to log in, along with passwords, 2-step verification (2SV), etc. Previously, you were able to use a passkey with a Google account as part of two factor authentication, but this has always been In addition to password. Now it is possible to use a Google account with a passkey instead of password.

A passkey, if you haven’t heard of the new authentication method, is a new way to sign in to apps and websites and may one day replace a password. Password entry began as a simple text box for humans, and automation and complexity were slowly installed on text boxes as the desire for increased security arrived. While you used to type a remember word into the password field, today the correct way to use a password is to have your password manager paste a random string of characters into the password box. Since few of us actually type in our passwords, passkeys remove the password box.

Passkeys let your operating system directly exchange public and private key pairs —WebAuthnStandard – with a website, and this is how you authenticate. Google’s demo of how this works on the phone looks great – the usual box asks for your Google username, then instead of a password, it asks for your fingerprint, which unlocks the passkey system, and you’re signed in. Access.

Passwordless Google support is heading to consumer devices right now, while business Google Workspace accounts will “soon” have the option to enable passkeys for end users.

Passkeys still aren’t ready for prime time

Even with Google all in on passkeys, that doesn’t mean they’re ready for widespread adoption. First, some platforms (Windows/Linux/Chrome OS) are not as far behind as others (macOS/iOS/Android). passkeys.dev official website He has a useful page which tracks platform-by-platform readiness, and there’s still a long way to go. It would be awful not being able to access your Google account on a passkey on Chrome OS, which will supposedly lock you out until you go back to the password.

It doesn’t look like the second problem is going to be fixed anytime soon, which is syncing passkeys via a file environmental operating system, and not via a browser, which is a huge regression to the way passwords work. Today, if you add a password to Chrome on Windows, that password is immediately available everywhere you have installed Chrome, like Android phone, MacBook, iPhone, Chromebook, etc. But passkeys don’t work that way.

quote from FIDO Alliance page, Passkeys’ are in sync with all other running user devices Same OS platform” [emphasis ours]. This means that if you add a passkey to Chrome on Windows, that passkey goes to the operating system vendor’s passkey store – Microsoft – and will only sync with other Microsoft operating systems. If you use Apple devices exclusively, everything will sync and you won’t notice any difference. The rest of us will need to go through a QR code and Bluetooth-based transfer process to get our credentials working across Windows and Android or Android and Linux, or any other vendor combination across operating systems. The big tech companies responsible for passkeys don’t seem interested in making them as seamless and convenient as passwords, and that would be a major hurdle to their ubiquity.

1 Confirm the password The whole sync mess,” right now, passkeys on other platforms require you to use a device from the same ecosystem to authenticate. Syncing with other operating systems or sharing passkeys requires tedious business solutions, such as QR codes, which leads to more complexity and less A secure experience.” It’s not clear if apps like 1Password have been invited to the Big Tech passkey party. 1Password says it has joined the FIDO Alliance, but 1Password’s passkey page also has a video saying passkeys weren’t open enough. The video says, “Today’s solutions don’t live up to that promise of openness and interoperability. If you create a password on your iPhone or Android today, you’re pretty much trapped. It’s not easy to share, transfer to another platform, or sync with a password manager.” Your preferred password. We can do better. That’s why we’re excited to show you what the future could look like, if passwordless technology were more open.”

1Password’s passkey page contains a lot of “can” and “should” language, but the company is working on some sort of solution that will be rolling out “this summer.” Even if a company can solve the problem of syncing passkeys for its own app, having such a key regression across platforms in the default setting—which is what most people will use—would seriously limit the appeal of passkeys.

Listing image from Google