Top insights for IT pros
From cybersecurity and big data to cloud computing, IT Brew covers the latest trends shaping business tech in our 4x weekly newsletter, virtual events with industry experts, and digital guides.
Like a warm Costco mini-pizza, people might not know that they want a passkey until it’s right in front of their faces.
During a May discussion led by authentication provider Okta, one panelist said login developers need to change their mindset and make passkeys more than another password alternative.
Passkeys should, in fact, be the standard, Vishnu Allaparthi, partner of cyber, risk, and regulatory practice at the pro-services firm PwC, told attendees on the call.
In the free-sampling spirit, Google announced that its Workspace and Cloud users have the choice to log in with passkeys. The move, an open Beta program that allows more than 9 million organizations to sign in to Google Workspace and Google Cloud accounts with the digital credentials, demonstrates a further poke at the password, as another big player provides the alternative login.
“While users can still continue using passwords to sign in to their work and personal Google Accounts, passkeys can offer a simpler and more secure alternative and can reduce the impact of phishing and other social engineering attacks,” said Jeroen Kemperman, product manager, Google Workspace and Shruti Kulkarni, engineering manager, Google Workspace in a June 5 blog post.
In early May, Google made passkeys available for personal accounts.
What-ski?
- A passkey is a unique handshake between an end user and their destination. After a push notification is sent, the individual uses a biometric or PIN authenticator to create their public login key.
- At subsequent logins, only the authenticator is required—no password. If the token is somehow compromised, the credential is only valid for the one login connection—unlike passwords, which often get reused.
- The passkey itself is stored on the individual’s local device or computer, which will ask for biometrics or PIN to confirm identity.
Momentum123. Aside from the security benefit of avoiding reused passwords, the option is a potentially fast one. In March and April of 2023, Google data demonstrated a 4x success rate for passkeys over passwords. (And a sign-in speed of 14.9 seconds.)
In May 2022, Apple, Google, and Microsoft all announced a commitment to building passwordless sign-options to their platforms. Apple, for example, released its passkey implementation with iOS 16.
Google’s digital-credential options brings more momentum to passwordless passing the password, or at least existing alongside it:
“I do believe in the next three to five years, the vast majority of consumer services will offer password-free sign-in options,” said Andrew Shikiar, executive director and chief marketing officer at the global consortium and open-standard maker FIDO Alliance, during the Okta-led meeting in May.
“And, of course, our hope is that those will rely on things like passkeys,” Shikiar told attendees.