Google is getting closer to passwordless login

Passwords are essential for online security these days, but threats such as phishing, fraud, and low cyber awareness from users who frequently use the same password in multiple places continue to threaten them. Google has been aware of these issues for a long time, so we’ve implemented protections like two-step verification and Google Password Manager.

– we read on the Google blog

To really fix password problems, you need to change them to something else. For more than a decade, Google has been laying the groundwork for a passwordless future, and an out-of-the-box solution should appear within the next year.

Today, on World Password Day, we are announcing a significant achievement on that path: we plan to implement passwordless support for FIDO login standards in Chrome, ChromeOS, and Android. Apple and Microsoft have also announced that they will offer support for their platforms. Thanks to this, logging in on different devices, websites and applications will be easier – regardless of the platform – and will not require entering a password.

– informs Google

Watch: Google is killing another service. It will be gone in August
Watch: Google has cleaned it up. Russia was the most affected

Login without a password according to Google

Logging in to the website or app on the phone will only require unlocking the phone – you will no longer need to enter your account password. Instead, it will be saved to your phone FIDO authentication keywhich will be used to unlock the account. The connection with such an encrypted key is much more secure because the information necessary for authentication is there. only transferred to user’s online account when phone is unlocked.

In turn, to log in to the website on a computer, you just need to have your phone at hand and unlock it when the system asks for it. Once the user has done this, the phone will not be needed next time – the connection will be done automatically after unlocking the computer. Even if you lose or lose your phone, authentication keys will securely sync to the new deviceusing a cloud backup, thanks to which the new phone will immediately work like the previous one.

It should be added here that the connection without password already works in the Microsoft ecosystemwhich I use myself. When you sign in to your Microsoft account in any app, just enter your username, then approve login to Authenticator app on smartphone.

A little history

The introduction of keys brings us closer to the passwordless future that Google has been thinking about for over a decade. Here are the most important innovations introduced at this time:

• Google Password Manager: In 2008, the giant released the first version of our password manager, which allows you to log in easily and securely without having to remember and enter your password.

• Two-step verification: In 2011, Google was the first company (as can be read on the Google blog) to introduce two-step verification, ensuring security and ease of login for users.

• Security Key for Google Employees: In 2012, the American company introduced a comprehensive solution called “Security Key”, preventing phishing attacks against Google employees. Chrome support was on the Mountain View giant’s side, Yubico provided the device and NXP provided the chip.

• Join the FIDO Alliance: In 2013, Google and its development partners joined FIDO Alliance – an organization created a few months earlier, which aims to introduce an open passwordless standard.

• Security keys for all: In 2014, the Americans began offering open-standard security keys to all users FIDO. So, for the very first time, personal account users could start using a phishing-resistant login method.

• Phishing Resistant Business Accounts: In early 2017, Google introduced settings on enterprise accounts to allow an administrator to force user accounts to use a passkey and disable other sign-in options vulnerable to phishing attacks, such as traditional or one-time passwords (OTP).

• Advanced Protection Program (APP): During the following months of 2017, the company implemented the APP program, under which it offers advanced security features, including security keys, to people in high positions or more exposed to cyberattacks.

• Titan Security Key: In 2018, the Titan security key was released on the Google Store. The product is a response to requests received by the company from people participating in the APP program and other Google users to create a solution developed by Google from start to finish. Titan Security Keys are FIDO compliant and can be used on any website that supports security key login.

• Built-in security keys for mobile devices: In 2019, Google introduced the built-in security key feature on Android. In 2020, the solution was also made available on iPhone.

• Reauthentication without password: In 2019, the giant extended support for the FIDO standard on Android so that it is possible to reconnect on each page using a PIN code or biometric data, without entering a password.

• Preparing for the future without a password: Expanded support for the FIDO standard, announced by Google on May 5, 2022, will enable the implementation of the previously mentioned authentication keys on websites. Industry-wide support for these keys in 2022 and 2023 should enable the creation of an Internet platform where passwords will no longer be required in the future.

We look forward to a future where we use authentication keys to log in. We recognize that it will take some time for this technology to be available on all devices so that website and app developers can use it at scale. In the meantime, we will continue to use traditional passwords, so we intend to constantly innovate existing services and work to make conventional login methods more secure and easier to use.

– summarizes Google

Watch: 1/4 Poles make this mistake. Thieves are just waiting
Watch: Google will benefit smartphone owners with a valuable novelty

Image source: Tero Vesalainen / Shutterstock.com

Text source: Google