Passkeys – Simplifying Account Security Across Platforms While Staying Secure.

In an era of increasing digital threats, safeguarding our online accounts has become more crucial than ever. Recognizing the need for enhanced security measures, several tech companies such as Microsoft and Google have introduced a groundbreaking feature known as a Passkey. This article will explain the concept of Passkeys, how they work, show you an example of how Google has integrated it into your account, and guide you through the process of enabling it on different platforms such as iOS, Windows, and Android, ensuring the protection of your Google account.

What Are Passkeys & How Do They Work? 

Passkeys are a cutting-edge authentication method that eliminates the need for traditional passwords. Instead of logging into your account with your password, it leverages the power of biometrics to offer a secure and convenient way to access your account. By utilizing the built-in security features of modern devices, Passkeys provide an additional layer of protection against unauthorized access as an alternative to Two-Factor Authentication. On some websites, this means you don’t necessarily need to remember a username either. To use a Passkey, you simply scan a QR Code when prompted to. While that might not be considered unique, Passkeys cover potential security breaches such as someone stealing your account credentials, or using your Two-Factor Authentication. For context, Passkeys utilize a Private Key which s stored on your secure element on your phone. However, a public version of the key allows the website to verify that you have that Private Key when you log in, without knowing the Private Key. After you have created a Passkey for a website, you will be prompted with a QR Code which verifies your identity the next time you sign in. However, this does not give the website your Private Key. After the website verifies that you’re the holder of the Private Key, you’ll be authorized to sign in. This is done utilizing Bluetooth. Meaning that your phone with the Passkey must physically be near the computer or device that is logging in. Luckily, Bluetooth runs in the background. So there’s no need to open your Settings and enable Bluetooth. Generally, your phone will use your lock screen to verify your identity with Face ID, Fingerprint, or a pin. This also provides an obstacle for scammers trying to obtain your login credentials or Two-Factor Authentication code. This means that Passkeys cannot be easily phished or intercepted since they are based on biometric characteristics rather than shared secrets like passwords or verification codes.

Enabling Passkeys on iOS.

Google has integrated with Apple’s Face ID or Touch ID functionality on Apple devices. Follow these directions to set it up:

1. Go to your account settings or open the Google app on your iOS device.
2. Tap on your initials or profile picture in the top right corner.
3. Tap on “Google Account” option below your name and email address.
4. In the “Security” section, select “How You Sign in to Google.”
5. Tap on “Passkeys” and follow the on-screen instructions to set up Face ID or Touch ID authentication.

Enabling Passkeys using Windows Hello.

If you’re using a PC or laptop that runs Windows, you can enable Passkeys with ease. Here’s what you need to do:

1. Open a browser of your choice and visit the Google account login page. This can be found at accounts.google.com 
2. Enter your credentials and click on your profile picture in the top right. 
3. Select “Manage your Google Account” from the dropdown menu.
4. Navigate to the “Security” tab on the left sidebar.
5. Select “Passkeys” under “How You Sign in to Google.”
6. Follow the instructions to enable Windows authentication.

Enabling Passkeys on Android. 

For Android devices, Google has implemented Passkeys using the native biometric capabilities of the platform. To activate Passkeys, follow the steps: 

1. Open the Google app on your Android device.
2. Tap on your initials or profile picture in the top right corner.
3. Select “Manage your Google Account” from the menu.
4. Navigate to the “Security” section and tap on “Password & sign-in method.”
5. Select “Passkeys” and follow the instructions to set up fingerprint or face recognition.

Some Additional Notes. 

Not all computers support Bluetooth. If your PC does not have Bluetooth, it would be wise to get a USB Bluetooth adapter. They are generally affordable. If you’re using an Android phone with a Google account attached, you might be able to sign in to your Google account without scanning a QR code, but it would still require a Bluetooth connection. Alternatively, you can also use a physical security key (like a Yubikey) as a Passkey. Only a small number of websites are using Passkeys at this time. For a list of websites using Passkeys, click here.

Passkeys are a game-changer in the realm of account security, leveraging biometric authentication to provide a secure and convenient way to access your account. By enabling Passkeys on iOS, Windows, or Android, users can significantly enhance their account protection and bid farewell to cumbersome passwords. Embrace the future of authentication and enjoy the peace of mind that comes with Passkeys.