Google's New Passkey Support Means Never Having To Remember Your Password
Passwords are annoying, but they are often a necessary evil in the world to keep all of your accounts and data secure. However, even the most complex password generation can't protect you from phishing attempts where bad actors can forge emails to look like legitimate ones.
Plus, secure passwords can't protect you from data leaks or breaches, which can happen even with the biggest companies and services. Alongside that, two-factor authentication, identifying street signs on a Captcha to prove your not a robot, and other ways of verifying your identity are just flat-out annoying.
To partially mitigate the annoyance and inherent security risks with passwords, Google is doing away with them, and introducing a passkey system, according to Google's security blog. With a passkey, Google won't ask you for a password anymore when logging into your Google accounts, and will instead allow you to create a PIN or use biometrics like face recognition or your thumbprint to log in. For an extra measure of security, the PIN and login info is locked to that specific device.
Less annoying than 2-step verification
If you still want to log in using a password, there is no need to panic, as passkeys are optional for now — some devices don't even support it yet, according to Google. The new system allows you to create passkeys for multiple devices, and it's shared between iCloud accounts for Apple users.
Google makes provisions for using someone else's device temporarily (i.e. using a library computer, or accessing your email). You can either create a passkey for that device and revoke it when you're done, or you can log in using your phone and temporarily authenticate that device with a one-time login. Google then allows you to use this device by both prompting you to take a picture of a QR code with your phone, and ensuring that the device is nearby with Bluetooth.
According to Google, the passkey system works by storing an encrypted key locally on the supported device. This means that even if someone had access to the PIN, they could not access your account, as they need both the key and the physical device. The key can also be synced between Google Password Manager and Apple's iCloud keychain.