Google is giving passwords the boot and nudging users to try passkeys.
  • Google starts showing prompts to create and use passkeys to streamline the way you sign in to your personal account.
  • You’ll also see a new option to “skip password when possible” in your account settings page.
  • Users will still be able to sign in with a password and can opt out of passkeys for the time being.
  • Nia [she/her]@lemmy.blahaj.zone
    4·
    1 year ago

    This is one of those things that are a good thing but could be really bad if they don’t have a way to backup or export the passkeys.

    If they don’t, a lot of people who break their phone will get locked out of their account, but if they allow backups then at the very least it’s not guaranteed to lose access.

    Assuming this is done right though it’s gonna be great for account security

    • Diplomjodler@feddit.de
      1·
      1 year ago

      I’ve read quite a few articles about this stuff and I still have no idea how it works. That’s probably just me.

      • LoafyLemon@kbin.social
        2·
        1 year ago

        I’m a programmer, and I agree with you that the article can be a bit confusing. To put it simply, Google’s passkey feature is a type of two-factor authentication (2FA) that eliminates the need for a traditional password. Instead, you get a short code generated randomly.

        Here’s how it works: When you choose passkey as your authentication method on a website, a randomly generated password is stored in the website’s database. This password is also registered with Google’s passkey service and is used as an ID token. When you want to log in, you need to use your phone or another device that supports passkey authentication to confirm your identity, sort of like a ‘handshake.’

        This method enhances security while simplifying the login process. In theory.