SAN FRANCISCO (AP) – Good news for all the password crunchers out there: Google has taken a big step to make them an afterthought by adding “passkeys” as a simpler and safer way to log into its services.
Here’s what you need to know:
WHAT ARE THE PASSIONS?
Passwords use a more secure alternative to passwords and text confirmation codes. Users will never see them directly; instead, an online service like Gmail will use them to communicate directly with a trusted device like your phone or computer to log you in.
All you have to do is verify your identity on the device with a PIN unlock code, biometrics such as your fingerprint or face scan or a more sophisticated physical security dongle.
Google designed its passwords to work with a variety of devices, so you can use them on iPhones, Macs and Windows computers as well as Google’s own Android phones.
WHY ARE PASSIONS NEEDED?
Thanks to clever hackers and human infallibility, it is all too easy to steal or crack passwords. And making them more complicated just opens the door for users defeating themselves.
First, many people choose passwords that they can remember – and easy-to-remember passwords are also easy to hack. Over the years, analysis of hacked password caches found that the most commonly used password was “password123.” A later study by the NordPass password manager found that it is now just a “password.” This is not fooling anyone.
Passwords are also often compromised in the event of security breaches. Stronger passwords are more secure, unless you choose ones that are unique, complex and obscure. And once you’ve set “erVex411$%” as your password, good luck remembering it.
In short, passwords put security and ease of use directly at odds. Software-based password managers are valuable tools that can create and store complex passwords for you, which can improve security. But even password managers have a master password that you need to protect, and that leads you back into the swamp.
In addition to avoiding all these problems, passwords have one additional advantage over passwords. They are specific to specific websites, so scammer sites can’t steal a password from a dating site and use it to raid your bank account.
HOW DO I START USING PASS?
The first step is to enable them for your Google Account. On any trusted phone or computer, open the browser and sign in to your Google account. Then visit the g.co/passkeys page and click on the option to “start using passwords.” Voila! The passkey feature is now activated for that account.
If you’re on an Apple device, you’ll first be prompted to set up the Keychain app if you’re not already using it; it securely stores passwords and now passwords as well.
The next step is to create the actual passwords that will connect your trusted device. If you’re using an Android phone that’s already logged into your Google Account, you’re most of the way there; Android phones are automatically ready to use passwords, although you still have to enable the function first.
On the same Google account page mentioned above, look for the “Create password” button. If you press it, a window will open and allow you to create a password on your current device or another device. There is no wrong choice; the system will only notify you if that password already exists.
If you’re on a computer that can’t create a password, it will open a QR code that you can scan with the standard cameras on iPhones and Android devices. You may need to move the phone closer until the “Set password” message appears on the image. Tap that and you’re on your way.
AND THEN WHAT?
From that point on, you’ll just need to enter your email address to sign into Google. If you’ve set up a passkey correctly, you’ll get a message on your phone or other device asking you to enter your fingerprint, face or PIN.
Of course, your password is still there. But if passkeys become, chances are you won’t need it much. You can even choose to delete it from your account someday.