Now that Google has started rolling out passkeys for personal Google Accounts, it’s going even further and allowing Workspace and Cloud customers with a new authentication option that powers passwords and 2FA codes. With this, passkeys will be available to more than 9 million businesses, schools and government organizations. Google notes that it is the first public cloud service provider to offer customers this option.
With identity keys, users can get rid of traditional passwords and verification codes sent during two-factor authentication without having to give up a secure identity. Instead, they can authenticate themselves from the device marked as secure with a PIN or some other biometric identifier, so the identification is done locally on the device.
Password-only authentication is one of the biggest security issues, and many users don’t pay attention to the risks of password reuse or turning on two-factor authentication. Device-based physical login makes it more difficult for hackers to crack remote login credentials, making it more difficult to execute phishing attacks that redirect users to a fake password-stealing website. Thus, authentication keys can significantly reduce the risk of phishing or other social engineering attacks for businesses as well.
The search giant will gradually make the option to enable access keys available in an open beta over the next few days. Over time, Workspace admins will also see the necessary console controls to enable the option within their organization—since the setting will be turned off by default, admins will need to activate it manually.
the Googlethat it apple and the Microsoft They announced last year that they would soon support the FIDO (Fast IDentity Online) login standards developed by the FIDO Alliance and the World Wide Web Consortium on all their respective platforms, whether mobile phones, computers or browsers, and an important step is to make identification keys available. With this step, passwordless login can become a part of more and more services. By setting up an ID key, unlocking the phone with any default action – entering a PIN, drawing a pattern or unlocking with a fingerprint – is enough to log into web services without having to enter a password, thanks to an encrypted token shared between the phone and the website .
Apple began taking steps to allow iPhones to sign into any supporting website or app in September, and PayPal rolled out password support on iOS in October, followed by Shopify, Kayak, and DocuSign.
