PCWorld (USA)

Chrome now supports passkeys, the password killer

Chrome will support passkeys on Windows, Android, and IOS.


The Google Chrome browser now supports something new to secure your life: passkeys, a stronger, leak-proof version of a password that can use your phone as a token to authorize you to websites.

Passkeys can and will be stored inside the Google Password Manager, or inside apps that support passkeys within future versions of Android, Google said ( fave.co/3urorpj). Passkeys are enabled in the latest version of Chrome in Windows 11, macos, and Android.

Passkeys are surprising­ly easy to understand. You’re familiar with a username and password. The latter should be a complex series of letters and numbers—the longer the password, the more secure it is, in general ( fave.co/3py6ou4).

But once they’re exposed in a breach, they can be surprising­ly easy to crack ( fave. co/3hmwmqc). It’s why a password manager, even a free password manager ( fave.co/3nt9ndq), is the ideal solution—a password manager can generate

pseudo-random passwords and store them securely.

A passkey isn’t a password at all. It’s simply a token that’s stored on your phone. When asked to authentica­te you, the token on your phone communicat­es with the site or app in question. No password is ever used, so no password is ever exchanged or stored.

“A passkey doesn’t leave your mobile device when signing in like this,” Google said. “Only a securely generated code is exchanged with the site so, unlike a password, there’s nothing that could be leaked.” It’s part of an agreement Apple, Google, and Microsoft made in May ( fave.co/3hsvcel).

In the real world, then, here’s an example of what you might see (1):

In the example (a fictional bank illustrate­d by Google), you have the choice of entering a stored password, or using a passkey instead. The user is asked to authentica­te the password by simply using their screen lock, presumably a fingerprin­t reader. One difference here is that some mobile banking apps already allow you to do this. Here, the user is accessing the website itself and is using the same biometric login.

Naturally, you probably wouldn’t use your bank’s website when you could use the (presumably safer) app. But this new capability in Chrome will allow you to replace passwords with passkeys on theoretica­lly any website, provided the site supports them.

On a desktop PC, the process would work in a similar manner. A passkey could replace any site’s password. Here, you would have three options: Log in with Windows Hello via your face or fingerprin­t; log in with your nearby smartphone, much as you would on mobile; or use a USB security key. All three are viable alternativ­es.

Replacing passwords with passkeys won’t happen overnight. But as more sites sign on to using them, passkeys will become more important—and so will your phone, as a digital “wallet” for storing them.

 ?? ??
 ?? ?? In this example, a user uses their smartphone to authentica­te with a passkey while accessing a site on their PC.
In this example, a user uses their smartphone to authentica­te with a passkey while accessing a site on their PC.
 ?? ?? 1.

Newspapers in English

Newspapers from United States