Passwords are still widely used and will continue to be for some time. However, last year, Google made an important announcement in collaboration with the FIDO Alliance, Apple, and Microsoft. They expressed their commitment to supporting passkeys as an alternative to passwords, providing enhanced security and convenience.
And yesterday, just in time for World Password Day, they began rolling out passkey support for Google Accounts on all major platforms. Passkeys will now be an additional option to sign in with, along with passwords, 2-Step Verification (2SV), and other methods.
What Is a Passkey?
Passkeys are a way to access online accounts without typing in a password.
They consist of a pair of cryptographic keys – a private and a public key; that are incredibly secure and impossible to crack. The public key is shared with the website or app, while the private key stays on your device and is never shared with anyone.
When you’re asked to sign in to an app or website using a passkey, you can approve the sign-in using the same biometric (like your fingerprint or face recognition) or PIN that you use to unlock your device (phone, computer, or security key). The private key of the corresponding passkey stored on the device will be used to authenticate and sign into the service.
Benefits of Passkeys
Passkeys offer several key benefits that improve convenience, ease of use, and enhance security and protection.
1. Protection Against Phishing Attacks
Passkeys are based on FIDO Authentication, which has demonstrated high resistance to a range of threats, including phishing, credential stuffing, and remote attacks. Unlike passwords, passkeys are phishing-resistant. They are specifically bound to the designated website or app, reducing the risk of being tricked by a fake website.
2. Resistance to Brute-Force Attacks
They are designed to be highly resistant to brute-force attacks. Utilizing advanced cryptographic techniques, they render it virtually unfeasible for potential attackers to generate the precise keypair within a finite time frame.
3. Seamless Login Experiences Across Devices and Platforms
Passkeys can be synced across multiple devices via a cloud service. Regardless of whether you’re using a phone, tablet, or computer, you can use the same passkey to access your accounts.
4. Unique and Complex Passkeys for Each Account
Passkeys are generated independently for each service or website you use. This means that even if one account is compromised, the unique Passkey used for that account won’t work for any other service. It compartmentalizes the risk, providing an additional layer of security.
Looking Ahead: Enpass Will Support Passkeys
Today, passkeys are being introduced as the future pathway, but traditional passwords are still in use. To increase the adoption of passkeys, users need an efficient way to manage both. Currently, users have limited options to generate and store passkeys like Apple keychain. A potential challenge for password manager users arises from the inconvenience and complexity of managing passwords and passkeys independently.
At Enpass, our dedication lies in delivering secure and user-friendly credential management solutions for our valued users. As a member of FIDO Alliance, we are currently working on adding support for storing passkeys in Enpass. Once introduced, you will be able to effortlessly use Enpass to manage your passkeys alongside your passwords.
Our users love Enpass for the freedom it provides, allowing them to choose their preferred secure location for storing their vaults. We want to assure you that, even with the introduction of passkeys, Enpass will remain committed to upholding these values, ensuring your trust and satisfaction.