[ad_1]
In October Google announced the passkey support in the Canary version of Chrome. In the past few hours Ali Sarraf, product manager of the browser, has made known that support has finally landed in the M108 stable version of Chrome. Some may already be wondering: what are passkeys? In a nutshell, it is a new way to authenticate on sites and services without the use of passwords.
It is precisely Sarraf who explains why Google is implementing passkey support in various services and products. “Passwords are usually the first line of defense in our digital lives. However, risk being subject to phishing attacks and data leaks as a result of violations. Google has long recognized these issues, which is why we’ve built defenses like two-step verification and Google Password Manager.”
“To address these security threats in an easier and more cost-effective way, we need to switch to passwordless authentication. This is where the passkey. Passkeys are a significantly more secure replacement for passwords and other phishing-prone authentication factors. They can’t be reused, don’t leak in the event of a server breach, and protect users from phishing attacks. Passkeys are based on industry standards, can work on different operating systems and browsers, and can be used with both websites and apps“.
Authenticating on sites and apps that support passkeys requires you to authenticate yourself in the same way as “unlock a device”. With the latest version of Chrome (also interesting for the improvements in RAM usage), Google is enabling passkeys on Windows 11, macOS and Android.
On Android your passkeys are synced securely via Google Password Manager or, in future versions of Android, any other password manager that supports passkeys. Once you save a passkey on your device, it can appear in autofill when you need to authenticate.
On a desktop system you can choose to use a passkey from your nearby smartphone/tablet, and since passkeys are based on industry standards, you can use an Android or iOS device. “A passkey doesn’t leave your mobile device when you log in this way. Only a securely generated code is exchanged with the site and therefore, unlike a password, there is nothing that can be stolen“.
As can be seen in the table, support is not total at this time: Google doesn’t mention Windows 10 and Chrome on Linux doesn’t support passkeys with a built-in authenticator. Linux users can use passkeys from another device, such as an Android phone or iPhone, by scanning a QR code.
In closing, it should be added that, being an industry standard, passkeys will also find application and diffusion in Apple and Microsoft devices, software and services.
.
[ad_2]
Source link
