Google Launches Passkeys for Personal Google Accounts: “So Long Passwords”

Tsing

Google has announced that passkeys for Google Accounts are now available. Described as a new way to sign in to apps and websites, passkeys are a replacement for traditional passwords, allowing users to gain access to their accounts via fingerprint, a face scan, or a screen lock PIN. According to Google, this data won't be shared with the company or anyone else, and passkeys are also cool because they are resistant to online attacks, including phishing. The new feature comes just a day ahead of World Password Day, a day that Intel created to stress the importance of creating solid passwords (e.g., not password123).

 
Well, it's interesting and all, but doesn't read all that different than enabling biometrics on whatever app, like banking. I guess the difference is sidestepping the constant use of the user generated password via using a company generated one that is provided to you which is locked away under user generated biometrics.
Of course they don't need the biometrics, they have the password already, either one really user or company generated. They have to. This service wouldn't be much different either if you encrypt the user password and exchange/compare encryption keys from then on under biometrics (is this what banks do anyway?)
Thinking about this, how could a service be provided without the company ever having access to your data? I can imagine one where everything is encrypted including the password upon logging off, the random session key or keys are provided to the user then deleted from the company server. Should the user lose said keys, then they would no longer have an account for the service I suppose. But I'm talking out of me butt, I know very little about this stuff, only what I read around here and there.
 
Sounds to me like it's all tokenized and random based on synced keys so there never is a password saved, just paired keys with tokens based on time of authentication.

At least that's how I would see it. Couple that with 2fa and you get pretty hard to crack.
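
Added example, not part of the thread and not Google's implementation: a simplified model of the challenge-response sign-in behind passkeys, showing that the service stores only a public key and that each signature is bound to the site's origin and a one-time challenge. The class names, origins and the `alice` account are constructed, and Ed25519 over a plain byte string stands in for the real WebAuthn message format.

```javascript
const { generateKeyPairSync, randomBytes, sign, verify } = require('node:crypto');

// Bytes the device signs: the origin it was asked from, plus the server's challenge.
const signedData = (origin, challenge) =>
  Buffer.concat([Buffer.from(origin + '\n'), challenge]);

class Authenticator {                      // the user's phone or laptop
  constructor() { this.keys = new Map(); } // origin -> private key, never leaves the device
  register(origin) {
    const { publicKey, privateKey } = generateKeyPairSync('ed25519');
    this.keys.set(origin, privateKey);
    return publicKey;                      // only the public half goes to the service
  }
  signIn(origin, challenge) {              // runs after the local fingerprint/face/PIN unlock
    const key = this.keys.get(origin);
    return key ? sign(null, signedData(origin, challenge), key) : null;
  }
}

class Service {
  constructor(origin) {
    this.origin = origin;
    this.publicKeys = new Map();           // user -> public key: all the service stores
    this.pending = new Map();              // user -> outstanding challenge
  }
  enroll(user, publicKey) { this.publicKeys.set(user, publicKey); }
  newChallenge(user) { const c = randomBytes(32); this.pending.set(user, c); return c; }
  verifyLogin(user, signature) {
    const challenge = this.pending.get(user);
    this.pending.delete(user);             // each challenge is single use
    const publicKey = this.publicKeys.get(user);
    if (!challenge || !publicKey || !signature) return false;
    return verify(null, signedData(this.origin, challenge), publicKey, signature);
  }
}

function demo() {
  const device = new Authenticator();
  const site = new Service('https://accounts.example');     // constructed origin
  site.enroll('alice', device.register(site.origin));
  const sig = device.signIn(site.origin, site.newChallenge('alice'));
  const genuine = site.verifyLogin('alice', sig);
  site.newChallenge('alice');
  const replayed = site.verifyLogin('alice', sig);           // old signature, new challenge
  const lookalike = 'https://accounts.example.login.test';  // constructed look-alike origin
  const phished = site.verifyLogin('alice', device.signIn(lookalike, site.newChallenge('alice')));
  return { genuine, replayed, phished, stored: site.publicKeys.get('alice').type };
}
console.log(demo());
```

The biometric or PIN check only unlocks the private key locally, which is why nothing the service holds can be replayed or phished into a valid sign-in.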
 
All these years I thought you just had to type the word “password” in the box labeled password and thought it was rather silly
 