FP TrendingOct 13, 2022 23:04:14 IST
Google is set to give passkey support in Chrome and Android. The tech giant made the feature available for users on Google Play Services Beta or Chrome Canary. The feature will be available on stable channels later in the year. But Google is not the only company contemplating passkeys. Apple had announced a new security feature called passkeys during the Worldwide Developers Conference (WWDC) in June 2022. During the discussion on Safari browser updates, Apple stated that it has been working with developers, the FIDO alliance, and industry partners like Microsoft and Google to create a password-less future. This security feature is supported by macOS Ventura, iOS 16 and iPadOS 16. So with passkeys gaining traction all over the tech world, it’s worth looking at what they actually are:
What are passkeys?
Passkeys are b ased on Web Authentication API (WebAuthn). It’s a standard that uses public-key cryptography rather than passwords for the authentication on websites and applications. They are stored on the device instead of a web server. It’s also a password replacement that utilises Face ID or Touch ID for biometric verification. So, instead of keying in a long password, you will be asked to authenticate through Touch ID or Face ID.
Passkeys can decrease the risks of your account being compromised as it removes passwords, which can be leaked, stolen, or exposed, from the authentication flow. Passkeys are not reused across sites like passwords can be. This reduces the risk of stolen credentials affecting other accounts. Hackers can’t trick you into sharing a passkey on a fake website. They can’t get leaked as nothing is kept on a web server.
Passkeys work by generating a pair of keys- one public and one private. Both are stored on the device. The cloud is the place where the public key is stored, and it is shared between devices that contain their own private keys. This ensures that in case a server is compromised, the attacker doesn’t have both the keys to get access to accounts.
Few websites support passkey-based authentication currently. However, that is likely to increase over time as developers start to implement passkeys in their services. Passkeys are still in their early days, and most popular websites still depend on the username-password combo.