Google has unveiled a huge update that signals ‘the beginning of the end’ for using passwords to access Gmail accounts.
The web giant has started to roll out its new passkey technology, which will allow billions of users to sign in to websites and apps the way they unlock a device — with a fingerprint, face scan or a device PIN that can verify their identity.
It is expected that the new type of online sign-in will eventually replace passwords, although it will be a while before this happens because the technology is still in its infancy.
Experts say it will allow people to access and use their new password-less sign-in credentials – or passkey – across different devices.
This will prevent them from having to sign in to every account again on each device, reducing the risk of using easily-guessable passwords and therefore creating a more secure system.
The technology has also been rolled out in Apple’s iOS16 and the latest MacOS release, while Microsoft has been running it through the Authenticator app.
Ebay, PayPal and Docusign are already using the passkey, too, along with a number of other businesses.
It was created by industry body the FIDO (Fast Identity Online) Alliance and World Wide Web Consortium, with Google, Apple and Microsoft the primary drivers.
The tech giants said the new system also allows people to use a fingerprint or facial scan authentication on their smartphone as a way of signing in on another device nearby, regardless of which operating system or browser they are running.
This is a feature already in place for Apple devices, where someone wearing an Apple Watch can unlock a phone or MacBook.
This reduces the need for people to remember a wide range of username and password combinations to log in to different services, which has often led to passwords being reused across multiple accounts.
Experts have previously warned that this is one of the biggest security risks in the digital world.
Users can create and store a passkey on any compatible device they use – such as iPhones running iOS16 and Android devices running Android 9.
They will also be able to share it to other devices from the OS using services such as iCloud or password managers like Dashlane and 1Password.
To set one up, visit g.co/passkeys.
Enter your password to access your account, then click ‘Create a passkey’.
You will be asked to select ‘Continue’ to set one up for the device you are using, or ‘Use another device’ for a different one.
Once you’ve done this, you will be asked to place your fingerprint on your device as you normally would to unlock it, at which point the passkey will be created.
If at any point you suspect someone else can access your account, or if you lose the only device that the passkey is stored on, you can revoke passkeys in the Google account settings.
The technology works by storing a cryptographic private key on a user’s device, while there is a corresponding public key uploaded to Google.