Support

Explore

HomeNo Image is Available
About UsNo Image is Available
AuthorsNo Image is Available
TeamNo Image is Available
CareersNo Image is Available
InternshipNo Image is Available
Contact UsNo Image is Available
MethodologyNo Image is Available
Correction PolicyNo Image is Available
Non-Partnership PolicyNo Image is Available
Cookie PolicyNo Image is Available
Grievance RedressalNo Image is Available
Republishing GuidelinesNo Image is Available

Languages & Countries :






More about them

Fact CheckNo Image is Available
LawNo Image is Available
ExplainersNo Image is Available
NewsNo Image is Available
DecodeNo Image is Available
Media BuddhiNo Image is Available
Web StoriesNo Image is Available
BOOM ResearchNo Image is Available
BOOM LabsNo Image is Available
Deepfake TrackerNo Image is Available
VideosNo Image is Available

Support

Explore

HomeNo Image is Available
About UsNo Image is Available
AuthorsNo Image is Available
TeamNo Image is Available
CareersNo Image is Available
InternshipNo Image is Available
Contact UsNo Image is Available
MethodologyNo Image is Available
Correction PolicyNo Image is Available
Non-Partnership PolicyNo Image is Available
Cookie PolicyNo Image is Available
Grievance RedressalNo Image is Available
Republishing GuidelinesNo Image is Available

Languages & Countries :






More about them

Fact CheckNo Image is Available
LawNo Image is Available
ExplainersNo Image is Available
NewsNo Image is Available
DecodeNo Image is Available
Media BuddhiNo Image is Available
Web StoriesNo Image is Available
BOOM ResearchNo Image is Available
BOOM LabsNo Image is Available
Deepfake TrackerNo Image is Available
VideosNo Image is Available
Explainers

Google Is Dumping Passwords: What Does It Mean?

With Google's transition to biometric passkeys, what does the company's privacy policy state regarding the storage and protection of users' sensitive information?

By - Hera Rizwan | 11 Oct 2023 4:52 PM IST

Google has announced that passkeys will now be the default sign-in method for all users, marking the beginning of the end for passwords. The company announced, on Tuesday, that people will no more need a password to securely sign in to accounts.

Passkeys enable users to log in to apps and websites using a biometric sensor (such as facial recognition or fingerprint) or a PIN. In contrast to passwords, they are resilient to online threats such as phishing, rendering them a more secure option than methods like SMS one-time codes.

The search engine giant said that the move is being executed after it received positive feedback from users. Google, which introduced passkeys in May, has stated that they offer a more secure and efficient alternative to traditional passwords, eliminating the need for individuals to memorise multiple passwords.

What do we know about passkeys?

Passkeys are a fast, secure, and passwordless approach to logins that utilises the pin, face, or fingerprint authentication built into our devices. By default, Google account users will receive a prompt to generate a passkey for their account, eliminating the need to manually search through account settings to initiate the setup process.

Although the overarching aim across the company is to eventually establish passkeys as the primary login standard, Google emphasises that passwords will continue to be in use during this transition.

Therefore, users can retain the option to log in to their Google account using conventional passwords, and they have the choice to opt out of using passkeys entirely by disabling the "skip password when possible" setting for their account.

While creating a passkey, two distinct keys are generated: one is retained by the website or service linked to the account, and the other is a private key stored on the device which is used to authenticate the identity.

Passkeys created on Android are backed up and synced with Android devices that are signed in to the same Google Account, in the same way as passwords are backed up to the password manager. Consequently, when users switch to new devices, their passkeys accompany them, ensuring a seamless transition.

Privacy concerns around passkeys

Of late, passkeys are being leveraged by a growing array of apps and companies. Companies such as YouTube, Uber and eBay enable users to opt for passkeys for their sign-ins.

Since a sign in with biometric is required, it might give users an impression that this is sending sensitive information to the server. Additionally, concerns surrounding biometrics are not new. As biometric data is irreplaceable, organisations which collect it in the name of privacy, need to treat these data with increased security and caution. While it's possible to change a compromised password or PIN, the same isn't true for an individual's physiological biometrics.

Furthermore, when biometric data is transformed into digital records and stored, especially in regions or nations with extensive surveillance practices, individuals can run a risk of creating an enduring digital footprint that malicious entities could potentially trace.

Addressing these concerns, Google has stated that "biometric material will never leave the user's personal device". It also added that passkeys on their own don't allow tracking users or devices between sites. "Passkey protocols are carefully designed so that no information shared with sites can be used as a tracking vector. Passkey protocols are carefully designed so that no information shared with sites can be used as a tracking vector," the blog read.

The passkeys will be stored in Google Password Manager, where they will be encrypted end-to-end. The company clarified, "Only the user can access and use them, and even though they're backed up to Google's servers, Google can't use them to impersonate users."


Tags: