Tech giant Google has finally started rolling out passkey support in Chrome with stable build 108 for better security. These are intended to replace the traditional passwords.
After announcing the end of passwords on Chrome a few weeks ago, Google is finally starting to roll out access keys to its internet browser. Take effect, Google Chrome update 108 finally supports passkeyswhich are considered future replacements for passwords.
What are access keys?
For those who don’t know, Access keys are unique digital keys that are easy to use, but above all more secure than passwords. These are not stored on a web server, but locally on your device. Access keys are therefore digitally encrypted credentials linked to an application or a web account.
To log in with an access key, users will need to authenticate in the same way they unlock a device. So, for example, if you want to connect to one of your accounts on Google Chrome, it will now be possible to do so thanks to biometric authentication. In other words, you just have to use your face with Face ID or your fingerprint instead of writing down a traditional password.
Access keys can therefore be compared to two-factor authentication. When you want to log into your account on a new device, such as a computer, you must prove your identity using your main device: your smartphone. As you can already do, for example, by accepting a payment on your online banking application, you must use the fingerprint registered on your smartphone to log in to your accounts on Google Chrome.
Access keys will put an end to hacks
While passwords can be used insecurely with short strings of text shared across many sites, an access key should always be unique in content and secure in length.
Despite the need for strong passwords, some Internet users still prefer the simplest strings of characters. In 2022, “123456” still tops the list of most used passwords on the planet, as does the term “password” itself. However, the basic rule is still to choose a password that hackers are unlikely to guess.
If a server is broken, the hacker doesn’t get your private key and it’s not a security issue as a password leak would be. Access keys can’t be hacked, and because they require your phone to be physically present, it’s impossible for a hacker to take control of one of your accounts.
To notice it access keys are synchronized via Google Password Manager (or any other supported credential manager) on Android. Once saved, the new option will automatically appear during login. Chrome for Android simply asks if you want ” Use saved password or access key “, the latter requiring biometric authentication (face or fingerprint).
On Windows, access keys are stored in Windows Hello, and on iOS and macOS in the Keychain app. Some of these platforms allow synchronization of keys between devices, others do not. In fact, logging in on an Apple device should sync your passkey access to other Apple devices via iCloud, and the same goes for Android via a Google account. However, it will not work on Windows, Linux or Chrome OS.