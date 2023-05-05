share Facebook Twitter Pinterest WhatsApp Telegram

Every May 4th is World Password Day, and Google announced this year that users can create Passkeys for Google accounts (Google calls them “keys” and Apple calls them “passkeys”). In the future, users no longer need to remember passwords, and can log in to Google services through biometric authentication on mobile phones or computers, or PIN codes, or other third-party applications that use Google to log in.

Passkey is May last year Google, Apple and Microsoft jointly announced that they will support the FIDO Alliance standard “Multi-device FIDO Credentials” collectively, using the public key generated by the industry-standard API for signature authentication, no need to enter a password, as long as the fingerprint or face verification of the mobile phone or PIN code can be used for authentication. In addition, the Passkey is only stored in the device and does not need to be sent out, so “man-in-the-middle attacks” can be avoided.

Google is in October last year Announced phased support for Passkey on Android and Chrome, adding passkey support for Google accounts today. Google even pointed out that by the time of World Password Day next year, people no longer need to use passwords, let alone remember them.

Conditional with passkey

Everyone just log in Google account passkey (key) page you can view the currently created passkey and create a new passkey. You can also go to the “Security” page of the Google account, click “Passkey” in the “How you sign in to Google” section to enter the Passkey page.

By default, the Google account has the function of “skip passwords as much as possible” enabled, and Passkey will be used first.

Each Google account can register multiple devices to store Passkey, and everyone can create Passkey on all their mobile phones and browsers.

Users can create Passkey on the following devices:

Notebook or desktop computer running Windows 10/macOS Ventura or above;

Mobile devices running iOS 16/Android 9;

Hardware security key supporting FIDO2 protocol;

Users also need to use Chrome 109/Safari 16/Edge 109 or above browsers (desktop or mobile version);

The device that creates or uses Passkey also needs to turn on the screen lock function, and if you plan to use the mobile phone to authenticate the service on another computer, you also need to turn on the Bluetooth function.

Since the Apple device will store the Passkey in the iCloud keychain (Keychain), as long as an iPhone is registered, other Apple devices under the name can be used for authentication.

Apple devices will use iCloud Keychain to synchronize Passkey to all devices under the name, and all devices can be used as long as they are registered once.

However, the Google Workspace (old GSuite) account is not yet able to create a Passkey.

Google account establishment passkey process

Enter Google account passkey (key) page Then you will find that Google will automatically create Passkey for Android devices, but the browser on the computer and the iPhone/iPad must be created by themselves.

Google will automatically create Passkey for Android devices.

Click the “+Create Key” button; If you want to create a Passkey locally, you can press the “Continue” button, but if you want to create a Passkey for iPhone/iPad, you need to click “Change to another device” (skip to step 5);

If the browser has logged in multiple accounts, first select which account the Passkey is created for, and then click “Continue”;

Scan your fingerprint/face to create a private key-public key pair (skip to step 7);

If Passkey is created on the mobile phone, the computer browser will display a QR code, scan the QR code with the mobile phone to read the FIDO key in it;

After reading the FIDO key, the mobile phone will ask the user to confirm whether to create a Passkey. After pressing “Continue”, Face ID or Touch ID authentication will be performed, and a private key-public key pair will be created on the mobile phone and stored in the iCloud key ring;

In this way, Passkey can be established easily;

In addition to the prompts on the computer, the mobile phone will also send out prompts for confirmation;

The Passkey data created just now will be added to the Google key page. You can change the name, or abolish it after selling the machine.

Passkey login process demonstration

In addition to being used to log in to the Google account website, if other network services are logged in with a Google account, you can also use the Google account Passkey you just created to log in. In this example, use the Google account Passkey to log in to IFTTT.

After IFTTT chooses to log in with Google, a Google login window will pop up, and Passkey will be used to log in by default. The user can choose which account to log in with the Passkey here;

Originally, you can log in as long as you scan your fingerprint on your computer or complete Face ID authentication on your mobile phone, but if IFTTT also sets up two-factor authentication, you will then be asked to enter IFTTT’s own one-time password.

As can be seen from the above example, although Passkey can save the steps of entering passwords, it still has the authentication requirements of the third-party application itself. To make Passkey fully accessible, it is ideal for third-party applications to integrate Passkey authentication to replace one-time password two-factor authentication.

Buddy unlockable phone is not suitable for building passkey

In addition to the time it takes for third-party applications to integrate Passkey functions, you should also note that Passkey delegates authentication to the device. Google reminds users to note that anyone else who can unlock the device will become able to use the device to log in to the user’s account, so it must only be available incompletely privatePasskey can only be established on the device. Some people’s computers and mobile phones can be unlocked by close friends or relatives, so it is not suitable to install Passkey.

Most recent video: