The first Thursday of May each year is World Password Day, which explains all the password-related announcements we saw this week. First, 1Password 8 for Mac launched with a few big new features. Then, Google started rolling out its Google Assistant password-changing feature. More importantly, Apple, Google, and Microsoft have announced plans to support passwordless sign-in.
That last one is a massive cross-platform initiative that will bring us closer to killing passwords. In turn, this could significantly boost the security of online accounts, making them a lot harder to hack. It’ll take some time for websites and apps to support passwordless sign-in. But Google already gave us an idea of how it’ll all work.
Proper password practices can help prevent hacks right now. You don’t need passwordless sign-in options if you’re already using unique, long passwords in connection with a password manager like 1Password or LastPass. These passwords are much harder to hack, especially if you add two-factor authentication (2FA) to as many accounts as possible.
But hacks still happen. You might still fall for smart phishing attacks or other social engineering attacks that might expose your accounts to hackers. Then there are hacks that target companies directly, which means hackers can steal your private data from a service provider.
But the passwordless sign-in support coming to Apple, Google, and Microsoft devices might make it even harder for hackers to get into your accounts.
How Google’s passwordless sign-in feature will work
Google detailed its passwordless sign-in feature in a blog post that confirmed big tech’s partnership with FIDO to implement it.
The company said that passwordless support for the FIDO sign-in standard is coming to Android and Chrome this year.
Google went ahead and detailed the passwordless sign-in experience that you can expect. Your smartphone will play a central role in authenticating users in apps and services without a password.
“When you sign into a website or app on your phone, you will simply unlock your phone — your account won’t need a password anymore,” Google wrote.
The smartphone will contain a FIDO credential called a passkey. This is the item used to unlock your online account instead of a password. The passkey is “based on public key cryptography and is only shown to your online account when you unlock your phone,” according to Google.
To take advantage of Google’s passwordless sign-in on a computer, you’ll need a phone nearby. You’ll also have to unlock your phone to access your account. “Once you’ve done this, you won’t need your phone again and you can sign in by just unlocking your computer,” Google said.
The company also explained that losing your smartphone doesn’t mean you’ll lose passwordless sign-in support. The passkeys are stored in the cloud, and they’ll sync with new devices.
Some security issues still remain
Google is aware that the transition to passwordless sign-in will take time, as websites and apps have to implement it. Therefore, you’ll still use passwords for many services as you start adopting passwordless sign-in on others. Consequently, you should continue to practice the best practices for password management that we mentioned before.
Also, once passwordless sign-in is ready, you should ensure that you use strong passwords on your physical devices, like smartphones and computers. The computer sign-in that Google detailed above is an example of where things can go wrong. If you don’t password-protect your smartphone, a thief can steal it and log into any accounts that use passwordless sign-in.
That said, we’re still in the early days of passwordless sign-in. Apple, Google, and Microsoft will further explain the feature in the coming months.
More Pixel coverage: For more Pixel news, visit our Pixel 6 guide.