“Google Is Rolling Out Password-Killing Tech to All Accounts”
WIRED, May 3, 2023
Security
By Lily Hay Newman
“The tech industry’s transition to passkeys gets its first massive boost with the launch of the alternative login scheme for Google’s billions of users.”
Google is announcing a major effort to let its personal account holders log in with the password replacement known as “passkeys.” The feature launches today for the company’s billions of accounts, and users will be able to proactively seek it out and turn it on. Google says it plans to promote passkeys in the coming months and start nudging account holders to convert their traditional username and password login to a passkey.
Password-based authentication has been standard across the internet (and computing in general) for decades, but the system has serious security issues, namely that attackers can steal your password or trick you into giving it to them in phishing attacks. The passkey scheme is specifically designed to address phishing attacks by relying on a different model that uses cryptographic keys stored on your devices for account authentication.
In the year since the industry association known as the FIDO Alliance began publicly promoting the rollout of passkeys, the makers of the world’s biggest consumer operating systems—Microsoft, Google, and Apple—have launched the necessary infrastructure to support passkeys. But if you still have never used a passkey in your daily life, you’re far from alone.
The next step toward passkey adoption is for services to actually offer passkeys as a login option for user accounts. So far, companies like PayPal, Shopify, CVS Health, Kayak, and Hyatt have taken the plunge. Today’s launch of passkeys for Google’s users is noteworthy given the company’s resources and sheer scale.
“It’s very, very significant,” says Andrew Shikiar, executive director of the FIDO Alliance. “It’s an inflection point. A company like Google enabling this with so many people actually seeing passkey sign-ins, they’ll be more likely to use them elsewhere. And it will also accelerate other companies’ deployment plans and help them deploy better, because we will learn from this as a body.”
About the Author:
Lily Hay Newman is a senior writer at WIRED focused on information security, digital privacy, and hacking. She previously worked as a technology reporter at Slate magazine and was the staff writer for Future Tense, a publication and project of Slate, the New America Foundation, and Arizona State University. Additionally her work has appeared in Gizmodo, Fast Company, IEEE Spectrum, and Popular Mechanics. She lives in New York City.
