Passkeys: The successor to passwords is about to get much simpler


No complex password needed – you just log in to a service by confirming a prompt with your fingerprint on your phone. Passkeys, the new log-in protocol touted as the successor to passwords, are now getting smarter. — Andrea Warnecke/dpa

BERLIN: Passkeys, the user-friendly, passwordless login procedure touted as the successor to the passwords we still manually type in today, is getting a long-awaited feature.

Anyone who has set up a passkey on one device can now easily move it (in encrypted form) between different devices, operating systems or password managers.

To this end, the responsible Fido Alliance has announced new specifications for the import and export of passkeys: the Credential Exchange Protocol (CXP) and the Credential Exchange Format (CXF).

Industry giants like Apple, Google, Microsoft and Samsung as well as manufacturers of password managers such as 1Password, Bitwarden, Dashlane, Enpass and Nordpass are involved in the development of the specifications.

As such, broad software support for the import and export of passkeys across programmes and operating systems is to be expected.

How do passkeys work?

At the heart of passwordless authentication is the so-called public key cryptography with two key pairs. One private key is stored by the user. The other – public – key is stored by the service provider, in this case Google.

After creating a passkey for your Google account, for example, you can in future log in by simply selecting that passkey without having to provide a username and a password anymore.

To make sure only you can use the key, you will then be asked to unlock your device with a biometric sensor like a fingerprint or facial recognition, a PIN code or a pattern, which you can use for all passwordless logins.

If you want to enable passkeys for your Google account, you have to enable the function in the account settings. In addition, your browser and, if needed, the operating system also have to support passkeys.

Google says "passkeys are intended to be used through operating system infrastructure that allows passkey managers to create, backup, and make passkeys available to the applications running on that operating system."

Android, Chrome, Windows and Apple iOS

Google has been developing the feature on Chrome for some time. The same applies to Android (from version 9), where the passkeys are stored in the Google Password Manager. The programme also allows you to synchronise your passkeys between different Android devices which are signed into the same Google account.

Passkeys are also supported by Microsoft for Windows and by Apple for macOS and iOS. Here, logging into your Google account becomes somewhat more complex, however.

Passkeys created on iOS devices or in Safari on macOS, for example, are stored in the iCloud keychain. Chrome used on Windows saves passkeys in Windows Hello. Passkeys created in Chrome on Android end up – as already mentioned – in the Google Password Manager.

Now, however, it is also possible to synchronise passkeys across devices and operating systems without difficulty. – dpa

Follow us on our official WhatsApp channel for breaking news alerts and key updates!
   

Next In Tech News

Iran restores access to WhatsApp and Google Play after they were banned amid protests
OpenAI unveils artificial intelligence that can 'reason' through math and science problems
Signify ordered by court to recall products infringing on patents, Seoul Semiconductor says
Telegram and WeChat first to initiate licensing to operate in Malaysia
Japan Airlines delays flights after cyberattack
Japan airlines experiencing issues due to cyberattack
The war on wildfires is going high-tech
Opinion: Why I’m getting rid of my smartwatch
How smartphones powered the AI boom in 2024
JAL's systems back to normal after cyberattack delayed flights

Others Also Read