Google is moving up a gear to put an end to passwords as quickly as possible. The digital giant is starting to impose the use of passkeys to access its services. And that’s good!
Don’t be surprised the next time you log into your Google account: the Web giant will very likely invite you to set up access keys (or passkeys) to access its services. This is a convenient and reliable technology that lets you sign in in the blink of an eye, securely, without having to worry about your password. Google has just announced it: after several months of tests and positive feedback from the first users, it will now favor access keys to authenticate users of its services (Google account, Gmail, YouTube, Drive, Play Store, etc.). If you have not yet configured an access key, a dialog box will appear on your next sign-in attempt to encourage you to take the plunge.
Nothing could be simpler: all you have to do is click the Continue button. Your smartphone (or your computer, if applicable) will then ask you to authenticate using its biometric device (facial recognition such as FaceID or Windows Hello, or a fingerprint sensor) or your PIN code. And that’s all! You will be signed in to your account immediately and will no longer need to enter your password each time you log in: Google will simply ask you to use your biometric sensor again to access its galaxy of services.
This authentication method has many advantages over passwords, starting, obviously, with its practicality. There is no need to remember or type a long and complex password: signing in is instantaneous! But more importantly, access keys offer much better protection than passwords against cybercriminals, in particular because they thwart phishing attempts.
Passkeys: apparent simplicity that hides robust technology
Setting up access keys is child’s play… But behind this apparent simplicity lies a complex technology, years in the making. It is based on a proven standard, known by the unwieldy name of Multi-Device FIDO. When you activate access keys, your device generates two long strings of alphanumeric characters behind the scenes, without you even being aware of it. The first, called the “public” key, is sent to the service provider, in this case Google. The second, called the “private” key, remains on your device and is never transmitted to the sites on which you must identify yourself. Each time you attempt to sign in, your device sends the service an authentication message derived from your private key. If it is verified by the “public” key held on the server, you can enter!
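The exchange described above, and the reason a response signed for a lookalike site is useless against the real one, modeled in Node.js as an added example (not Google's code and not part of the original article). It is a simplified stand-in for the real FIDO messages: the function names, the two origins and the message layout are assumptions made for illustration.

```javascript
// Added illustration: a simplified model of a passkey sign-in.
// All names below are hypothetical; real FIDO messages carry more fields.
const crypto = require('node:crypto');

// Device side: the key pair is created on the device; the private half never leaves it.
function createPasskey() {
  return crypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' }); // NIST P-256
}

// Server side: a fresh random challenge for every sign-in attempt.
function newChallenge() {
  return crypto.randomBytes(32).toString('hex');
}

// Device side: sign the challenge together with the origin the browser is actually on.
function deviceSign(privateKey, challenge, origin) {
  const clientData = JSON.stringify({ challenge, origin });
  const signature = crypto.sign('sha256', Buffer.from(clientData), privateKey);
  return { clientData, signature };
}

// Server side: the stored public key is all that is needed to check a response.
function serverVerify(publicKey, expectedChallenge, expectedOrigin, response) {
  const { challenge, origin } = JSON.parse(response.clientData);
  if (challenge !== expectedChallenge) return 'rejected: stale or unknown challenge';
  if (origin !== expectedOrigin) return 'rejected: wrong origin';
  const ok = crypto.verify('sha256', Buffer.from(response.clientData), publicKey, response.signature);
  return ok ? 'accepted' : 'rejected: bad signature';
}

// Runs four sign-in attempts against the same stored public key.
function demo() {
  const SITE = 'https://accounts.example';           // constructed service origin
  const LOOKALIKE = 'https://accounts.example.test'; // constructed lookalike origin
  const device = createPasskey();
  const storedPublicKey = device.publicKey;          // the only thing the server keeps
  const c1 = newChallenge();
  const good = deviceSign(device.privateKey, c1, SITE);
  const c2 = newChallenge();
  const relayed = deviceSign(device.privateKey, c2, LOOKALIKE);
  const forged = deviceSign(createPasskey().privateKey, c2, SITE);
  return {
    legitimate: serverVerify(storedPublicKey, c1, SITE, good),
    replayed: serverVerify(storedPublicKey, c2, SITE, good),
    lookalike: serverVerify(storedPublicKey, c2, SITE, relayed),
    wrongKey: serverVerify(storedPublicKey, c2, SITE, forged),
  };
}
console.log(demo());
```

Only the first attempt is accepted: an old response fails against a new challenge, a response produced on the lookalike origin fails the origin check, and a signature from any other key fails verification.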
This asymmetric cryptography technique has been known for a long time, but until last year it had not made inroads in the field of online authentication. Everything changed when Microsoft, Apple and Google chose to support the Multi-Device FIDO standard in May 2022 and bring this technology to their respective operating systems. Recent versions of Windows, iOS, macOS and Android are now all compatible with access keys, which is accelerating their widespread adoption. Google admits, however, that the password is not dead yet! It remains mandatory when creating an account… and can still be used, especially if you lose the devices on which your access keys are stored!