The Limited Times


Google launches passkeys: 'The beginning of the end of the password'

2023-05-04T12:09:56.030Z


On World Password Day, the company bets on another sign-in method: passkeys. How they work.


This Thursday Google released a new sign-in method that does not require passwords: "passkeys", or access codes.

The system relies on the user's device, unlocked with a PIN, fingerprint or other biometric data, instead of the classic password.

With passkeys, user authentication is synced across all of the user's devices via the cloud using cryptographic key pairs.

This allows the user to log in to websites and apps using the same biometrics (fingerprint or facial recognition) or screen lock PIN that they use to unlock their devices.

"Last year, together with the FIDO Alliance, Apple and Microsoft, we announced that we would start working to support access keys on our platform as an easier and more secure alternative to passwords," the company explained on its official blog, in a post titled "The beginning of the end of the password".

"And today, ahead of World Password Day, we're starting to roll out support for passcodes in Google Accounts across all major platforms. They will be an additional option that people can use to sign in, along with passwords and two-step verification (2SV)," the statement continued.

The reasons for this migration, which is optional at the moment, have to do with the fact that passwords are often leaked online and are prone to being exploited by scammers and cyber attackers.

Passkeys make it difficult for attackers to access someone else's accounts, since physical access to the user's device is required.

Considering that, according to a Google survey, at least 65% of those surveyed reuse their passwords across multiple accounts and web services, the chances of several platforms or applications being breached are high.

What are "passkeys" or access codes

Passkeys come to Google. Photo: Google

"Passwords are a new way to log into apps and websites. Both are easier to use and more secure than passwords, so users no longer need to rely on pet names, birthdays, or the infamous 'password123.'

"Instead, passcodes allow users to sign in to apps and sites the same way they unlock their devices: with a fingerprint, face scan, or screen lock PIN. And unlike passwords, passkeys are resistant to online attacks like phishing, making them more secure than things like one-time SMS codes," they add.

When a user wants to access a service that supports passkeys, the browser or operating system will offer to use one. This is not very different from how stored passwords work today, except that before Google grants access the user is asked to unlock the device with a biometric sensor (such as fingerprint or facial recognition), a PIN or a pattern.

Google also accepts security keys such as FIDO keys, which are one of the most secure methods of signing in today.

In the case of Google, they can be configured at this link
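How a key-pair sign-in of the kind described above resists phishing, as an added example that is not part of the original article and is not Google's code: a simplified Node.js model of the challenge and response behind a passkey. The function names, the origins and the JSON layout are assumptions made for illustration; real passkeys use the WebAuthn message format.

```javascript
const nodeCrypto = require('node:crypto');

// Registration: the device creates a key pair for one site; only the public key leaves it.
function createPasskey(siteOrigin) {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ed25519');
  return { device: { privateKey }, server: { siteOrigin, publicKey } };
}

// Device side, after the user unlocks it (PIN, fingerprint, face): sign the server's
// challenge together with the origin the browser is actually showing.
function signAssertion(device, challenge, browserOrigin) {
  const clientData = Buffer.from(JSON.stringify({
    challenge: challenge.toString('base64url'),
    origin: browserOrigin,
  }));
  return { clientData, signature: nodeCrypto.sign(null, clientData, device.privateKey) };
}

// Server side: verify the signature, then the challenge and the origin it covers.
function verifyAssertion(server, expectedChallenge, assertion) {
  const { clientData, signature } = assertion;
  if (!nodeCrypto.verify(null, clientData, server.publicKey, signature)) return 'bad-signature';
  const data = JSON.parse(clientData.toString('utf8'));
  if (data.challenge !== expectedChallenge.toString('base64url')) return 'stale-challenge';
  if (data.origin !== server.siteOrigin) return 'wrong-origin';
  return 'ok';
}

function demo() {
  const site = 'https://accounts.example';            // constructed origin
  const lookalike = 'https://accounts-example.test';  // constructed look-alike page
  const { device, server } = createPasskey(site);
  const challenge = nodeCrypto.randomBytes(32);
  const genuine = signAssertion(device, challenge, site);
  // The look-alike relays the real challenge, but the signed origin is its own.
  const relayed = signAssertion(device, challenge, lookalike);
  // Swapping in the genuine client data breaks the signature.
  const tampered = { clientData: genuine.clientData, signature: relayed.signature };
  return {
    genuine: verifyAssertion(server, challenge, genuine),
    relayed: verifyAssertion(server, challenge, relayed),
    tampered: verifyAssertion(server, challenge, tampered),
    replayed: verifyAssertion(server, nodeCrypto.randomBytes(32), genuine),
  };
}

console.log(demo());
```

Unlike a password or a one-time SMS code, nothing the user can type or read aloud is involved, so a look-alike page has no secret to collect. In real WebAuthn the device also scopes each passkey to its site and does not offer it elsewhere, so the relayed case normally fails even earlier.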

World Password Day

Passwords and passwords. Photo: Shutterstock

Despite this move by Google, the password will still be around for a while: transitions in computer security take time and aren't always universal.

For this reason, this Thursday marks "World Password Day", a reminder of the importance of creating secure passwords that are resistant to cyberattacks.

The day was inspired by Mark Burnett's book Perfect Passwords, published in 2005. The first Thursday in May was chosen as the day to celebrate World Password Day by Intel Security, which initiated the proposal to declare this day in 2013.

Thus, every first Thursday in May serves as a reminder that it is always better to have a secure password, especially for sensitive services: combine upper and lower case letters, numbers and symbols, do not repeat the same password for different accounts, and change them periodically.

Cybersecurity companies such as Check Point publish tips for creating strong passwords around this date:

  • The longer and more varied, the better: it should be at least 14-16 characters long and consist of different letters, mixed case, symbols and numbers. However, it has been observed that by simply increasing the password up to 18 combined characters, a completely unbreakable key can be constructed.

  • Easy to remember, hard to guess: this should be a combination that only the user knows, so it is best not to use personal details such as anniversaries or birthdays, or the names of family members, as these may be easier to discover. An easy way to create passwords that anyone can remember is to use complete phrases, either with common or absurd scenarios, with examples like 'meryhadalittlelamb', or its even more secure equivalent with different characters '#M3ryHad@L1ttleL4m8'.

  • Unique and unrepeatable: create a new password each time a service is accessed and avoid using the same password for different platforms and applications. This ensures that in the event that a password is compromised, the damage will be minimal and easier and faster to repair.

  • Always private: a premise that may seem basic but is important to remember. A password should not be shared with anyone, and it is especially recommended not to write it down near the computer or even in a file on it.

  • Real security is just 'two steps' away: in addition to having a strong and secure password, using two-factor authentication (2FA) is a huge security enhancement. In this way, every time an attacker or an unauthorized person wants to access another person's account, the account owner will receive a notification on his mobile phone to grant or deny access.

  • Change it periodically: sometimes, even after following all these practices, incidents occur outside of our control, such as company database leaks. Therefore, it is advisable to periodically check if an email has been the victim of a third-party vulnerability, as well as try to trace the accounts that may have been compromised.

Of course, there is always the option of using a password manager, which is, for many experts, the best solution (although like any method it has its risks).

"The managers have a great advantage: they facilitate the task of 'remembering' the passwords for one, which enables the possibility of using a different password, unique and even difficult to memorize, for each service that we use and requires it," Iván Barrera Oro, alias HacKan, a software developer specializing in computer security, explains to Clarín.

Finally, it is important to remember that physical security keys such as FIDO are among the safest methods to protect personal accounts (more information here).

Source: clarin
