It is now possible to pass passwords in Chrome with passkeys, they are now available in Chrome Stable M108
Passwords are usually the first line of defense in our digital lives. However, they are at risk of being phished, subject to data leaks, and even suffering from poor password hygiene. Google has been aware of these issues for a long time, which is why it created defenses like two-step verification and Google Password Manager.
To deal with security threats in an easier and more convenient way, Google is opting and evolving towards passwordless authentication. That’s where passkeys come in. According to Google, passkeys are a much more secure substitute for passwords and other authentication factors that can be hacked. They cannot be reused and protect users against phishing attacks. Passkeys are based on industry standards and work across different operating systems and browser ecosystems, and can be used for websites and applications.
Passkeys follow familiar user interface patterns and build on existing experience with password auto-completion. For end users, using a password is similar to using a saved password today, where they simply confirm with their existing device screen lock, like their fingerprint. . Passkeys on users’ phones and computers are backed up and synced through the cloud to prevent lockouts in the event of device loss.
Additionally, users can use the keys stored on their phone to sign in to apps and websites on other devices. A passkey is a unique identity stored on a computer, phone, or other device, such as a USB security key. For websites or apps that have implemented the passkey API, it can enable login through quick and easy confirmation combined with device biometrics or other secure authentication.
Security keys are great for security because they don’t require a password that could be leaked. And as all the big tech companies like Apple, Google, and Microsoft are collaborating to adopt the technology (and the name), the experience should become device-agnostic. The technology is based on the FIDO standard, which uses public key cryptography, which makes the cross-platform aspect possible.
- Users can create and use keys on Android devices, which are securely synced through Google Password Manager;
- Developers can integrate security key support into their sites for end users using Chrome through the WebAuthn API, on Android and other supported platforms.
Google also allows passwords to be synced from Android to other devices through the company’s password manager or a third-party manager that supports it, such as 1Password or Dashlane.
The usefulness of passkeys in Chrome and other browsers will depend on whether sites implement the WebAuthn API to accept passkeys. Some online stores like Best Buy have already done this, and services like PayPal have also enabled it.
With the latest version of Chrome, Google is enabling passkeys on Windows 11, macOS, and Android. On Android, keys will be securely synced through Google Password Manager or, in future versions of Android, any other password manager that supports keys. Once you save a passkey on your device, it may show up in AutoFill when you log in to help you be more secure.
On a desktop device, you can also choose to use a passkey from your nearby mobile device. Because passkeys are based on industry standards, you can use an Android or iOS device.
A password does not leave your mobile device when you log in this way. Only securely generated code is exchanged with the site. Thus, unlike a password, there is no risk of leakage. To allow the control of security keys, from version M108 of Chrome, it is possible to manage your security keys from Chrome on Windows and macOS.
PayPal has announced that it is adding passkeys as an easy and secure login method for PayPal accounts. PayPal is one of the first financial services companies to make passkeys available to its users. This cutting-edge security standard is important because passkeys address one of the biggest security issues on the web, weak password authentication. More than 2.6 billion records were breached in 2017, and of those breaches, an estimated 81% were caused by password theft and guessing.
For security keys to work, developers must integrate security key support into their sites using the WebAuthn API. For years, we have worked with other industry players, including Apple and Microsoft, members of the FIDO Alliance and the W3C, to set standards for secure authentication.
Source: Chrome Blog
What is your opinion on the subject?
Do you find it necessary to abandon passwords in favor of password keys?
See as well :
Google launches Passkeys for Android to encourage users to stop using passwords to reduce the frequency of identity theft
PayPal launches Passkeys, designed to replace passwords, enabling easy and secure login for consumers
#pass #passwords #Chrome #passkeys #Chrome #Stable #M108