Advertisements

Companies aim to replace traditional passwords by introducing new authentication methods to verify the user’s identity. This helps combat the risk of phishing attacks, password theft, or keylogging attacks, enhances the security of users’ accounts, and makes the sign-in process more convenient. Companies aim to standardize sign-ins using a method that users already use to sign in to their devices, which is more secure than SMS one-time codes.

Tech giants are exploring more secure alternatives, one of which is passkeys that only use biometric data to unlock your device and access your account with a passwordless experience as the next big thing in online security. It’s still in the early stages, and top password managers like Dashlane and 1Password sync it to all your devices, but it will be a while before they become universal. Passkey doesn’t depend on an ecosystem or require a specific device.

Ahead of World Password Day, this has been announced as part of their initiative to move toward a passwordless future. This is faster, stronger, and more secure than passwords, which are vulnerable to hacking and cyber-attacks. Also, passwords are often weak and easy to guess or steal, and they can be compromised in data breaches. The private key stored on your device can’t be intercepted, and hackers can’t use them to identify anything or log in to your account.

With future updates and support for passwordless unlock using other authentications, biometric authentication will make the login process more secure and convenient for users. This is more convenient for users as they no longer require or must enter a master password every time to access the password vault. This feature is quite similar to iCloud KeyChain, which uses end-to-end encryption to keep your Passkey private, which was announced at WWDC 2022 in June and is rolling out to iOS 16, iPadOS 16, and macOS Ventura.

Dashlane’s Passwordless Login

The company has teased this earlier, and now it is finally developing a new feature that allows access to passwords without requiring users to enter a password. Dashlane still has a master key, but with the new passwordless login solution, the company will use device-based or biometric authentication, which includes facial recognition or fingerprint scanners, which means this uses a cryptographic key to authenticate users without requiring them to enter the master key.

Dashlane’s passwordless login differs from passkeys, announced by the FIDO Alliance, backed by major tech giants Apple, Microsoft, and Google. Dashlane uses cryptographic keys, whereas Google’s Passkey uses the FIDO2 standard. The company’s CPO, Donald Hasson, said they haven’t used FIDO2-based passkeys for passwordless login because it wasn’t ready for the masses. Dashlane is also available as a browser extension, which makes it difficult to offer because of ecosystem limitations. Talking about Apple’s iCloud Keychain, designed to work specifically within the Apple ecosystem. Dashlane opted for device-based or biometric authentication to avoid fragmentation and interoperability issues.

The company wants to avoid being locked into one ecosystem with passkey authentication, so they are finding a solution to start working across different operating systems. In the future, the company may add an option to allow users to unlock their vault using passkeys, similar to what 1Password plans to add in the coming months. It will be available on the mobile application, having multiple layers of authentication. First, users are prompted to enter a PIN, and then they can use the device’s biometric authentication. This eliminates the need for a master password while also ensuring that this is safe and secure.

The company is also taking other things into account. If users lose or change their device, they can recover their account from another device or use a recovery key option to have access somewhere else. Do note that free users can only have Dashlane on one device at a time. Google’s upcoming version of Android will support third-party password managers and will support passwordless authentications. After Google supports passkey protection, the industry will get a boost toward passwordless authentication.

Google’s Passkey for Passwordless Login

Google has been working on this for a long time. With the new authentication method, you don’t need a password; you just need to authenticate because the cryptographic key is locally stored on your device. This even works and doesn’t require 2-Step Verification (2SV), an additional layer of security where users need to enter a code sent to their phone or email address. As we mentioned, a locally stored key is used to verify your device using biometric verification, such as a pin code, fingerprint, or face recognition.

Google launched its native solution for a secure alternative to traditional passwords. Passkeys brings support to Google Accounts and will soon be available to Workspace accounts (formerly G Suite, which includes business and enterprise users). This includes 2-Step Verification (2FA). The company recently updated its Google Authenticator with support for cloud sync to have a backup so you won’t be locked out of your account. By pairing your device, the device will generate two unique cryptographic keys. One is the public key registered with Google’s service; the other will be stored locally on your device.

This is quite similar to Microsoft Account authentication. Additionally, if you want to enable it for your Google Account, you can head over to the Google Account website to enroll yourself. Once you have successfully enabled the Passkey, set it up on a supported device. For example, if you have enabled it on a Windows PC with a Passkey for the first time, a QR code will appear that you can scan on your device to finish the setup. You will only be prompted to create a Passkey on your PC that you can use to use Passkey in the future.

Passwordless Login has been announced by Google, Dashlane, and 1Password. This ecosystem-independent solution along third-party support for a secure future.

To set up Passkey:

  • Open the Google Passkey page, which will prompt you to enter your Google Account.
  • After that, click on the “Use Passkey” button, and then click on “Create a passkey for your Google account.” Then tap the “Continue” button to create a Passkey on your device. However, if you have already set up a Passkey on a different device, click the blue “Use another device” button.
  • They will ask you to authenticate using biometric data, pin, or password.
  • Then it will create a Passkey. On the screen, tap on the blue “Done” button.

This is an optional security feature for Google accounts to log in on multiple devices. The company will start rolling out the Passwordless sign-in process across all major platforms for all its services. This means the company will start promoting the Passwordless login and will have the option to use a Passkey instead of a password when logging in. This will ensure that only logging in from trusted devices and their account credentials are not being shared or stolen. Google has rolled out Passkey support for Android and Chrome and appeared on Android 14 Developer Preview 2.

Not to mention, Google’s apps and services still support passwords. You can still use your traditional password to access your Google account. If you lose your device, you can revoke this from the Google account Passkey in settings, but it is also recommended to wipe it. Google Passkey is available on all devices by enrolling in their Additional Protection Program, and this will also be synced across logged-in iCloud services for users of Apple devices, which makes it easier for users to upgrade from one device to another.

Supported devices:

  • Google with Chrome 109+, Android 9+, and ChromeOS 109+
  • Apple: Safari 16+, iOS 16, and macOS Ventura
  • Microsoft: Edge 109+, and Windows 10/11

Passkeys on iOS and Mac devices sync with iCloud Keychain. As it is a supported feature, integration is compatible with Apple devices that support the feature and other devices that support the industry standard. This means it is also supported on Apple devices where logins are authenticated with Face ID or Touch ID. Some other supporting apps and websites include PayPal, Best Buy, eBay, Kayak, and Dashlane. Service-side support for passkey login is currently limited but will increase shortly.

You can also use a hardware security key like YubiKey to make it more secure and convenient, or any physical security key like a USB key or Bluetooth-enabled device for users. Google’s Password Manager can also sync and save other Google accounts like Gmail and YouTube, making it easier for multiple services.

1Password

The company has joined the FIDO Alliance, and this password management tool allows users to organize and promote passwordless authentication solutions. With the new solution, even if your account gets hacked, there is no chance the attacker will have access to the user’s vault since the encryption key for the user’s vault is not stored by 1Password. The company offers support for storing and auto-filling passkeys, which will be available later this summer.

Password Manager on Google Chrome

Passwordless Login has been announced by Google, Dashlane, and 1Password. This ecosystem-independent solution along third-party support for a secure future.

After all the passwordless login, Google Chrome updated with a new password manager, which could be a good alternative to password managers since it has a native built-in password manager utility in popular browsers like Google Chrome. This free password manager could easily help you log in to your favorite websites without remembering each password.

This is not one of the most secure password managers, but you can save passwords through the Google Password website. To use this feature, download and install Chrome Canary v115.0.5742.0. You can find the new badge for the Password Manager from the settings. This includes the autofill and password menu and is expected to roll out to the stable version of Chrome.

x
Advertisements