Google announced that, starting today, its users will be able to create and use access keys in the company’s personal accounts. This way, Google will no longer ask for your password or two-step verification when you sign in. Find out more in this note!
Are you forgetting your passwords and having to write them down somewhere? Well, it may be that the access keys you started offering Google be of great help to you. What are they? A new cryptographic key solution that requires a previously authenticated device and which, according to the technology giant, are “the easiest and most secure way to sign in to apps and websites”. We tell you the details below.
Google advertisement that, starting today, you will be able to create and use access keys in your personal account on all the main platforms and that, when you do it and you have to log in, you will not need to enter your password or double verification steps (2SV). This is something the company has been working on since last year, together with FIDO Alliance, Apple and Microsoft.
As explained Googleaccess keys allow users to sign in to apps and sites the same way we unlock devices: with a fingerprint, face scan, or screen lock PIN. “And unlike passwords, passkeys are resistant to online attacks like phishing, making them more secure than things like one-time SMS codes.”they commented.
This biometric data is not shared with Google (or with any other third party), and the access keys only exist on your devices, which provides greater security and protection, since there is no password that can be stolen in a phishing attack. This is one of the reasons why the company added these keys to its system: to troubleshoot and prevent phishing attempts and targeted attacks like “SIM swaps” for SMS verification. While having 2SV helps, that method still doesn’t fully protect against those types of attacks.
How does it work? When you add an access key to an account Google, the platform will start asking for it when you log in or when it detects potentially suspicious activity that requires additional verification. These keys are stored on any compatible hardware, such as iPhones with at least iOS 16 and devices Android with Android 9while biometric data will never be shared with Google nor with any other third party. The screen lock only unlocks the passkey locally.
Now, using access keys does not mean that you have to use your cell phone or computer every time you log in. If you use several devices you can create a key for each one. Also keep in mind that some platforms back up your access keys and sync them with other devices you own. So if, for example, you create an access key in a iphonethat key will also be available on your other devices Manzanaif you are logged into the same account iCloud. This prevents you from being locked out of your account if you lose a device.
In the event that you want to sign in to a new device for the first time, or temporarily use someone else’s, you can use a passkey stored on your phone to do so. In that new device you have to select the option “use a passkey from another device” and follow the directions. This does not transfer the access key, but only uses your phone’s screen lock and proximity to approve a single sign-on.
Google Note that if you sign in to a device that is shared with others, you should not create a passkey there, as anyone who can access and unlock that device can sign in to your account. Google. However, if you lose a device with an access key or you think someone else can unlock it, you have the possibility to immediately revoke the keys in the account settings of Google.
It should be noted that the creation of an access key in your account Google (which you can try in g.co/passkeys) is just an option to login. Existing methods, including your password and two-step verification, will continue to work if you need them.