Passkeys are here to (try to) kill the password. Follow Google roll out beta For the feature in October, passkeys are now coming to Chrome M108 stable. Passkey is built according to industry standards and is supported by all the major platform vendors – Google, Apple and Microsoft – together with the FIDO Alliance. Google’s latest blog reads: “With the latest version of Chrome, we’re enabling passkeys on Windows 11, macOS, and Android.” Google Password Manager on Android is ready to sync all your passkeys to the cloud, and if you can meet all the hardware requirements and find a support service, you can now sign into something with a passkey.
Passkeys are the next step in the evolution of password managers. Today’s password managers are a bit of a hack – originally a human was supposed to manually type text into a password text box, and you were expected to remember your password. Subsequently, password managers began to automate typing and saving, making it convenient to use longer, more secure passwords. Today, the correct way to handle a password field is to have your password manager generate a string of random, unimportant, unrememberable characters to stick in the password field. The passkey gets rid of the old textbox interface and instead stores a secret and passes that secret to a website and if it matches, you’re logged in. Instead of passing a randomly generated string of text, passkeys use “WebAuthnstandard for generating a public-private key pair, just like SSH.
If everyone can figure out compatibility issues, passkeys offer some big advantages over passwords. While passwords can be used insecurely with short text strings shared across many sites, the passkey is always enforced to be unique in content and secure in length. If a server breach happens, the hacker won’t get your private key, and it’s not a security issue as the leaked password would be. Passkeys are not foolproof, and because they require your phone to be physically present (!!) some random hacker from halfway around the world can’t log into your account anyway.
So let’s talk about compatibility, starting with the phone requirements. Passkeys require an Android or iOS smartphone, even if you’re logging into a laptop or PC. The first time you set up an account on a new device, you’ll need to verify that the authentication device—your smartphone—is very close to whatever you’re signing into. Proximity verification This happens via Bluetooth. All passkey people are truly Aggressive about noting that sensitive data isn’t transferred over Bluetooth — it’s only used for proximity checking — but you’ll still need to deal with Bluetooth connectivity issues to get started.
When you sign into an existing account on a new device, you’ll also need to choose which device you want to import a passkey from (most likely your phone, too)—if both devices are in the same large tech ecosystem, hopefully you’ll see a good device menu, but if not That being the case, you will have to use a QR code.
The second big problem: Did everyone spot that OS menu at the top? Google supports Windows 11 with passkeys — not Windows 10 — which would make this a hard sell. Statistics counter It has Windows 11 at 16 percent of the total Windows install base, with Windows 10 at 70 percent. So if you create a passkey account, you can only sign in on newer Windows PCs.
Passkeys are stored in each platform’s built-in keystore, so that’s Keychain on iOS and macOS, Google Password Manager (or a third-party app) on Android, and “Windows Helloon Windows 11. Some of these platforms have keys sync across devices, some don’t. So signing in to an Apple device has to sync access to your passkeys to other Apple devices via iCloud, and the same is true on Android Via a Google account, but not Windows, Linux, or Chrome OS. By the way, syncing is your escape hole if you lose your phone. Everything is still backed up to your Google or Apple account.
Google’s documentation mostly doesn’t mention Chrome OS at all, but Google says, “We’re working on enabling passkeys [Chrome for] iOS and Chrome OS. “There is, too no support Android apps yet, but Google is also working on it.
Now that this is already running on Chrome 108 and a supported OS, you should be able to see the passkey screen under the Autofill section of Chrome Settings (or try pasting chrome://settings/passkeys into the address bar). Next, we’ll need more websites and services to support using a passkey instead of a password to log in. Google Account support would be a good first step — you can now use a passkey for two-factor authentication with Google, but you can’t replace your password yet. Everyone’s example of passkeys is the passkeys.io The demo site, for which we have step-by-step instructions over here.