Cybersecurity will see a major shift in online security over the next year, as Google announced it is committed to bringing passwordless sign-ins across websites, apps and devices soon – and your phone will be the key.
To push for a passwordless future, Google announced it will be expanding support for a common passwordless sign-in standard created by the FIDO Alliance and the World Wide Web Consortium. Apple and Microsoft will also be joining the transition from password-only authentication, as a way to protect against phishing attacks and malicious hacking methods.
Google has been pushing for passwordless sign-ins for a while, including on Chromebooks, while Microsoft has also been trying to build “a world without passwords” by bringing SMS code login in 2019. While Google’s 2FA auto-enrolling has led to a 50 % drop in hacked accounts and password managers keep all your accounts secure, a simple passkey used to unlock your online accounts is apparently far more secure.
Coming to Android and Chrome, signing in to online accounts or apps won’t require a password, but rather a simple phone unlock. Your smartphone will store a FIDO credential called a passkey, which is used to unlock your online account. “The passkey makes signing in far more secure, as it’s based on public key cryptography and is only shown to your online account when you unlock your phone,” Google states.
For example, those looking to sign in to a website on their laptop will be prompted to unlock their phone to access the site. Google says you won’t need your phone again as you can sign in by “just unlocking your computer,” but doesn’t say if this is permanent. Passkeys can be transferred to phones via cloud backup, too.
While Google says it will arrive in the coming year, it will be a while before this form of online security will arrive on all devices. Whether this will make password manager apps obsolete or attract new forms of cyber threats, only time will tell. Either way, a passwordless future means easy access to your online accounts with just your phone, similar to 2FA.
One thing’s for sure: you won’t want to lose your phone. Here’s how to find your Android phone and how to find your iPhone.