The functionality will be available for general users of the company’s app store and a browser later this year
New Delhi, NFAPost: Passkeys will replace passwords as they are safer and provide better protection against phishing attacks, said Google’s vice president Parisa Tabriz, Business Standard reported.
The technology giant Google has recently introduced the passkeys feature for the operating system Android and the popular web browser Google Chrome. The new functionality was launched for members of Google Play Services Beta and Chrome Canary, while it will be available for general users later this year, the company said on October 12.
A passkey is a digital credential, linked with the user account and a website or application. It allows users to authenticate without entering a username, or password, or providing any additional authentication factor. The technology aims to replace legacy authentication mechanisms such as passwords.
Users can create and use passkeys on Android devices, which are securely synced through the Google Password Manager. Developers can build passkey support on their sites for end-users using Chrome via the WebAuthn API – a web standard published by the World Wide Web Consortium – on Android and other supported platforms.
Passkeys work across different platforms and browsers including Windows, macOS and iOS, and ChromeOS, with a uniform user experience.
Tabriz, who heads engineering, product, and design at Google Chrome, said Passkeys could bring a safer alternative for passwords as they cannot be reused, do not leak in server breaches, and protect users from phishing attacks.
She added that nearly half of workers spend the majority of their day working on browser-based software applications making it crucial to protect the browsers. “More than 5 Billion devices are automatically protected by Google Safe Browsing worldwide. We are also providing APIs for helping other browsers protect their users.”
Passkeys are built on industry standards and work across different operating systems and browser ecosystems, and can be used for both websites and apps. Tabriz said the auto-fill password along with existing device screen locks such as the fingerprint to confirm log-in may take down the number of phishing incidents significantly.
“Some of what we are building in chrome is auto-fill the password. We still have ways to grow, but we have improved auto-filled features. We have also recently launched virtual credit numbers, which replace the physical card number with a unique virtual card number for protecting online payments,” Tabriz said.
She said the cyber security threats including phishing attacks were rising in recent times, since the beginning of the Russia-Ukraine conflict. “Google has also introduced a free defence program called Project Shield, under which over 200 Ukranian websites have been protected from Denial of service attacks. Global ransomware damages are expected to exceed $30 billion by 2023. Asia is one of the worst impacted regions with 26 per cent of global attacks directed towards Asia,” Tabriz said.
Google has also introduced the Chrome vulnerability reward program to find out security bugs present in its system. More than 500 security-related bugs have been reported as of now, while 696 researchers have received rewards worth $8.7 million for finding out vulnerabilities. “We cannot completely eliminate bugs from our systems, but we continuously reduce them as we launch the newer version of Chrome,” Tabriz said.