INTERPRETER
The tech giant now verifies a person’s identity on a device using a PIN, biometrics, or a more sophisticated security dongle.
Good news for all you password haters out there: Google has taken a big step towards making them an afterthought by adding “passwords” as an easier and more secure way to log into its services.
Here’s what you need to know:
What are access keys?
Passkeys provide a more secure alternative to passwords and SMS confirmation codes. Users will never see them directly; instead, an online service like Gmail will use them to communicate directly with a trusted device like your phone or computer to sign you in.
All you need to do is verify your identity on the device with a PIN, biometrics such as a fingerprint or facial scan, or a more advanced physical security dongle.
Google has designed its passkeys to work with a variety of devices, so you can use them on iPhones, Macs, and Windows computers, as well as Google’s Android phones.
Why are access keys needed?
Thanks to clever hackers and human fallibility, passwords are just too easy to steal or beat. And making them more complex opens the door for users to beat themselves up.
For starters, many people choose passwords they can remember — and easy-to-remember passwords are also easy to hack.
For years, analysis of hacked password caches showed that the most commonly used password was “password123”. A more recent study by the password manager NordPass found that it’s now just “password.” This fools no one.
Passwords are also commonly compromised in security breaches. Stronger passwords are more secure, but only if you choose one that is unique, complex, and not obvious. And once you’ve chosen “erVex411$%” as your password, good luck remembering it.
In short, passwords put security and ease of use at odds. Software-based password managers, which can create and store complex passwords for you, are valuable tools that can improve security. But even password managers have a master password that you need to protect, and that plunges you back into the swamp.
Besides getting around all those problems, passkeys have an additional advantage over passwords. They are specific to certain websites, so scammers cannot steal a password from a dating site and use it to loot your bank account.
How do you start using passwords?
The first step is to enable them for your Google account. On a trusted phone or computer, open the browser and sign in to your Google account. Then go to the g.co/passkeys page and click on the “start using passkeys” option. voila! The password feature is now activated for that account.
If you’re using an Apple device, you’ll first be prompted to set up the Keychain app if you’re not already using it; it securely stores passwords and now passkeys too.
The next step is to create the actual access keys that connect to your trusted device. If you’re using an Android phone that’s already signed in to your Google account, you’re almost there; Android phones are automatically ready to use passkeys, although you still need to enable the feature first.
On the same Google account page mentioned above, look for the “Create a passcode” button. Pressing it opens a window where you can create a password on your current device or on another device. There is no wrong choice; the system will simply notify you if that password already exists.
Using a computer that can’t create a password opens a QR code that you can scan with regular cameras on iPhones and Android devices. You may need to move the phone closer until the “Set Key” message appears on the image. Tap it and you’re on your way.
And then what?
From then on, all you have to do is enter your email address to sign up with Google. If you’ve set up the access keys correctly, you’ll just receive a message on your phone or other device asking for your fingerprint, your face, or a PIN.
Your password is of course still there. But if passwords are booming, chances are you won’t be needing them much. You can even choose to remove it from your account one day.