uTalk

thrive

Member

Registered: 2023-01-04

Posts: 2,068

Google Unveils Passkey-Based Secure Sign-In for Google Accounts

Google has started rolling out the passwordless option for Google Accounts across all platforms, nearly five months after adding support for passkeys to its Chrome browser.

The FIDO Alliance-supported Passkeys are a more secure alternative to using a traditional password to sign in to apps and websites. This is then accomplished by merely using their biometrics (e.g., their fingerprints or iris scans) to unlock their computer or mobile device. g. , fingerprint, or facial recognition) or a personal identification number (PIN).

Additionally, unlike passwords, passkeys are immune to online threats like phishing, making them more secure than things like SMS one-time codes, according to Google.

Once generated, passkeys are kept on the device locally and are not shared with anyone else. Due to the fact that it establishes that "you have access to your device and are able to unlock it," setting up two-factor authentication is also unnecessary. ".

In order to log into their Google Accounts on multiple devices, users can also choose to create passkeys. Having said that, a passkey generated on one device will be synced to all other devices owned by users running the same operating system (i.e. e. , iOS/macOS, Android, or Windows) and if they are logged into the same account. Passkeys are not actually interoperable when viewed in that context.

It's important to note that Google Password Manager and iCloud Keychain both employ end-to-end encryption to safeguard the passkeys, preventing users from being locked out in the event that they misplace their devices or making it simpler to upgrade from one device to another.
The question is could this be another passwordless or password manager that will be vulnerable to attack?

joanna

Member

Registered: 2023-01-10

Posts: 2,494

Re: Google Unveils Passkey-Based Secure Sign-In for Google Accounts

The question is could this be another passwordless or password manager that will be vulnerable to attack?

Every password manager is vulnerable to attack no matter how secure the creator of it may claim because they are most valuable online and everything that's available online can be vulnerable anytime unless there is a team working 24/7 to secure it.

full

Member

Registered: 2023-01-06

Posts: 1,211

Re: Google Unveils Passkey-Based Secure Sign-In for Google Accounts

The question is could this be another passwordless or password manager that will be vulnerable to attack?

Every password manager is vulnerable to attack no matter how secure the creator of it may claim because they are most valuable online and everything that's available online can be vulnerable anytime unless there is a team working 24/7 to secure it.

If there's a team working on securing it is not enough if they are not updating the system hand-in-hand so that the system will always be ahead of hackers that may be targeting the ecosystem.

Detroit

Member

Registered: 2022-12-27

Posts: 1,485

Re: Google Unveils Passkey-Based Secure Sign-In for Google Accounts

The question is could this be another passwordless or password manager that will be vulnerable to attack?

Every password manager is vulnerable to attack no matter how secure the creator of it may claim because they are most valuable online and everything that's available online can be vulnerable anytime unless there is a team working 24/7 to secure it.

Very true.  But we need to understand that in all things there's always a lobe hole. You can forget it if you use your head, and you can lose the paper where you kept it if your house gets burned down. They're so many what-ifs and maybes.  When just need to face our fears.

oba

Member

Registered: 2023-01-13

Posts: 1,858

Re: Google Unveils Passkey-Based Secure Sign-In for Google Accounts

The question is could this be another passwordless or password manager that will be vulnerable to attack?

Every password manager is vulnerable to attack no matter how secure the creator of it may claim because they are most valuable online and everything that's available online can be vulnerable anytime unless there is a team working 24/7 to secure it.

If there's a team working on securing it is not enough if they are not updating the system hand-in-hand so that the system will always be ahead of hackers that may be targeting the ecosystem.

After the news of several attacks that were successfully launched on LastPass last year, I don't think it is smart to totally trust any password manager this day to prevent another data breach.

Vastextension

Member

Registered: 2022-11-19

Posts: 2,009

Re: Google Unveils Passkey-Based Secure Sign-In for Google Accounts

Every password manager is vulnerable to attack no matter how secure the creator of it may claim because they are most valuable online and everything that's available online can be vulnerable anytime unless there is a team working 24/7 to secure it.

If there's a team working on securing it is not enough if they are not updating the system hand-in-hand so that the system will always be ahead of hackers that may be targeting the ecosystem.

After the news of several attacks that were successfully launched on LastPass last year, I don't think it is smart to totally trust any password manager this day to prevent another data breach.

Meanwhile,  LastPass was not the only password manager that has been hacked, and for the record Dashlane, Keeper, 1Password, and RoboForm have been hacked either.

level

Member

Registered: 2023-01-19

Posts: 1,354

Re: Google Unveils Passkey-Based Secure Sign-In for Google Accounts

If there's a team working on securing it is not enough if they are not updating the system hand-in-hand so that the system will always be ahead of hackers that may be targeting the ecosystem.

After the news of several attacks that were successfully launched on LastPass last year, I don't think it is smart to totally trust any password manager this day to prevent another data breach.

Meanwhile,  LastPass was not the only password manager that has been hacked, and for the record Dashlane, Keeper, 1Password, and RoboForm have been hacked either.

It's hard to know how secure these password managers are since it is hard and it will also be dangerous to trust there service safety. Having said that the best secure way to safe passwords will always be the old-fashion way which is offline.