Google launches passkeys: “The beginning of the end of the password”

Google debuted a new way to sign in that doesn’t require a password this Thursday: the “passkeys” or access codes. It is a system that uses the user’s device via pin, fingerprint or biometric data, instead of the classic password.

With access keys, user authentication syncs across all your devices via the cloud using cryptographic key pairs. This allows the user to log into websites and apps using the same biometrics (fingerprint or facial recognition) or screen lock PIN they use to unlock their devices.

“Last year, together with the FIDO Alliance, Apple and Microsoft, we announced that we would begin working to support access keys on our platform as a simpler and more secure alternative to passwords,” the company explained in its official blog. , in a post . what a title “The beginning of the end of the password.”

And today, before world password day, we’ve started rolling out support for access keys in Google Accounts on all major platforms. They will be an additional option for people to use to sign in, along with passwords and two-step verification (2SV),” the statement continued.

The reasons for this migration, which is currently optional, have to do with the fact that passwords are often leaked online and are prone to being exploited by scammers and cyber attackers. Passwords make it difficult for attackers to access other people’s accountsas physical access to the user’s device is required.

If we take into account that according to a Google survey, at least the 65% of respondents reuse your passwords across multiple accounts and web services, the chances of multiple platforms or applications being compromised are high.

What are “passkeys” or access codes

“Passwords are a new way to access apps and websites. Both are easier to use and more secure than passwordsso users no longer have to trust nicknames, birthdays or the infamous “password123″.”

“Instead, passcodes allow users to log into apps and sites the same way they unlock their devices: with a fingerprint, face scan, or screen lock PIN. And unlike passwords, passkeys are resistant to online attacks like phishing, making them more secure than similar things one-time SMS codes”, they add.

When a user wants to access a service that uses access codes, the browser or operating system will allow the use of an access code. It’s not that different from how stored passwords work todayonly that Google will require the device to be unlocked, with a biometric sensor (such as fingerprint or facial recognition), a PIN or a pattern, to allow access.

Google also accepts security keys such as FIDO keys, which are one of the most secure login methods today.

In the case of Google, they can be configured at this link

world password day

Despite this move by Google, the password will still exist for a while: Transitions in cybersecurity take time and aren’t always universal. For this reason, this Thursday is celebrated on “world password day”to remind you of the importance of creating secure passwords resistant to cyber attacks.

The day was inspired by the book Perfect passwords by Mark Burnett published in 20051. The first Thursday of May was chosen as the day to celebrate World Password Day by intel security, who initiated the proposal to declare this day in 2013.

Thus, every first Thursday of May we remind you that it is always better to have a secure password, especially for sensitive services: combine uppercase and lowercase, numbers and symbols, do not repeat the same password for different accounts and change them periodically.

Cybersecurity companies like CheckPoint are posting tips for creating strong passwords these days:

• The longer and more varied, the better: must be at least 14-16 characters long and consist of different letters, capital letters, symbols and different numbers. However, it has been observed that by simply increasing the password up to 18 combined characters, a completely unbreakable key can be constructed.

• Easy to remember, hard to guess: It should be a combination that only you know, so you are advised not to use personal data such as anniversaries or birthdays, or names of relatives, as these may be easier to find out. An easy way to create passwords that anyone can remember is to use full sentences, with common or absurd scenarios, with examples like “meryhadalittlelamb” or its even more secure equivalent with different characters “#M3ryHad@L1ttleL4m8”.

• Unique and unrepeatable: create a new password each time you access a service and avoid using the same password for different platforms and applications. This ensures that in the event that a password is compromised, the damage will be minimal and easier and faster to repair.

• Always private: a premise that may seem trivial but it is important to remember it. A password should not be shared with anyone, and it is especially recommended not to write it down near your computer or even in a file on it.

• True security is just ‘two steps’ away: In addition to having a strong and secure password, using two-factor authentication (2FA) is a big security improvement. In this way, whenever an attacker or an unauthorized person wants to access another person’s account, the account owner will receive a notification on his mobile phone to grant or deny access.

• Change it periodically: Sometimes, even after following all these practices, incidents beyond our control occur, such as leaks of company databases. Therefore, it is advisable to periodically check if an email has been the victim of a third-party vulnerability, as well as try to trace accounts that may have been compromised.

Of course, there’s always the option of using a key manager, which is, for many experts, the best solution (although like any method it has its risks).

“Managers have a great advantage: they facilitate the task of ‘remembering’ passwords for one, which enables the possibility of using a different password, unique and also difficult to memorize, for each service we use and requires it,” he explains to clarion Iván Barrera Oro, alias HacKan, software developer specializing in computer security.

Finally, it is important to remember that physical security keys such as FIDO are among the safest methods of protecting personal accounts (more information here).