Google's New Passkey Support Means Never Having To Remember Your Password

Ink Drop/Shutterstock

By Alex Hevesy/May 3, 2023 10:35 am EST

Passwords are annoying, but they are often a necessary evil in the world to keep all of your accounts and data secure. However, even the most complex password generation can't protect you from phishing attempts where bad actors can forge emails to look like legitimate ones. 

Plus, secure passwords can't protect you from data leaks or breaches, which can happen even with the biggest companies and services. Alongside that, two-factor authentication, identifying street signs on a Captcha to prove your not a robot, and other ways of verifying your identity are just flat-out annoying.

To partially mitigate the annoyance and inherent security risks with passwords, Google is doing away with them, and introducing a passkey system, according to Google's security blog. With a passkey, Google won't ask you for a password anymore when logging into your Google accounts, and will instead allow you to create a PIN or use biometrics like face recognition or your thumbprint to log in. For an extra measure of security, the PIN and login info is locked to that specific device.

Tero Vesalainen/Shutterstock

If you still want to log in using a password, there is no need to panic, as passkeys are optional for now — some devices don't even support it yet, according to Google. The new system allows you to create passkeys for multiple devices, and it's shared between iCloud accounts for Apple users.

Google makes provisions for using someone else's device temporarily (i.e. using a library computer, or accessing your email). You can either create a passkey for that device and revoke it when you're done, or you can log in using your phone and temporarily authenticate that device with a one-time login. Google then allows you to use this device by both prompting you to take a picture of a QR code with your phone, and ensuring that the device is nearby with Bluetooth. 

According to Google, the passkey system works by storing an encrypted key locally on the supported device. This means that even if someone had access to the PIN, they could not access your account, as they need both the key and the physical device. The key can also be synced between Google Password Manager and Apple's iCloud keychain.

Recommended

5 Internet Banking Tips You Need To Know To Keep Your Info Safe

fizkes/Shutterstock

By Keyede Erinfolami/July 9, 2022 5:00 pm EST

Every day we rely a little more on the internet to do essential things: we work, shop, connect with others, and even manage our money online. With this dependence comes a legitimate concern about security and privacy — especially when we're talking about your hard-earned money. Online banking is simple and convenient; rather than spending hours in a physical bank dealing with paperwork, you can track and manage your funds with a few clicks from your smartphone.

Unfortunately, online banking makes it just as convenient for shady characters to compromise the security of your funds. Criminals don't need to plan an elaborate heist to rob banks anymore — all they need to do is get ahold of your personal information to potentially siphon funds from your bank account. Although most banks have solid security measures in place to prevent fraudulent activity, there are some things you can also do to help keep your information safe online.

TatnattanPhotos/Shutterstock

Passwords are a headache to memorize and manage, so many people resort to using character combinations that are easy to remember and then repeat the same password across most or all of their online accounts. The stats prove just how common this weak security strategy is. A Google study published in 2019 in conjunction with The Harris Poll found that 13% of people in the U.S. reuse the same password across all of their online accounts and 52% reuse passwords across multiple accounts.

Using that strategy with your online banking password will put you in serious jeopardy. Hackers are continually attempting to brute-force their way into online accounts, so if your password is frequently used or easy to guess, you run a higher risk of getting hacked. To be safe, you want to change your password at least every 90 days. Also, make sure you're using a strong character combination. Here are some tips to guide you in choosing a hack-proof password (via Google):

1. Use longer passwords.

2. Create a mix of upper and lowercase letters.

3. Include numbers and special characters.

4. Do not use common password combinations, such as "1234" or "passw0rd."

5. Do not use personal information, such as your name, birthday, pets' names, etc.

Some platforms will let you know how weak or strong your chosen password is, but if you're signing in to one that doesn't, you can use a password checker like this one from Kaspersky to test its strength. Also, we advise that you use a password manager to, well, manage your passwords.

Song_about_summer/Shutterstock

Never open your banking platform by tapping or clicking a link in an email even if the message looks legitimate. Some hackers send out phishing emails that look similar to the ones your bank sends in hopes that you'll enter your login information on a fake website. To avoid becoming a victim of such phishing attacks (via ABA), always retype the genuine URL into your browser before using it. That, or you could bookmark your bank's authenticated website so you can be sure that you're using the right one each time.

If you ever decide to open an email link, hover over it for a brief second. Usually, you'll get a preview of the destination URL and then will be able to decide whether it is legitimate. Also, ignore any emails that ask you for personal information like credit card details or any other sensitive information. As a general rule, banks will not ask for your details via email due to the security risks involved. If you do get an email asking for information, call your bank to verify that the request is legitimate before sharing any details.

Jirsak/Shutterstock

Two-factor authentication — more commonly called 2FA — is a security measure that requires an extra level of verification beyond just a password. The second factor could be a unique number that you'll receive as a one-time code via SMS, an automated phone call to confirm your account, a prompt that pops up in an authenticator app, or something similar. If you have 2FA enabled, hackers or identity thieves would have difficulty accessing your online banking platform even if your password was leaked. 

In addition to helping keep your online banking details safe, two-factor authentication is a staple security measure for all your other online accounts, too. If you haven't already, here's why you should always enable two-factor authentication. For many of us, 2FA seems like another hoop to jump through before we can access our accounts, but the good news is that the FIDO Alliance is working on phasing out passwords for good. Some day passwords and their accompanying problems will likely be gone, but until then, you should enable 2FA to be extra safe.

A_stockphoto/Shutterstock

It's fairly common knowledge that public Wi-Fi is a security risk. Why? Hackers can set up Wi-Fi hotspots for users to connect to and use in order to steal any unencrypted data sent over the network. As well, some sensitive data may be discoverable on a public network being actively monitored using sniffing software (via EFF). Because of this risk, it's best to avoid using your online banking platforms when you're on a public Wi-Fi network. 

If you don't have any other option, make sure that you take measures to keep your data safe. For example, always check that you are browsing secure sites by looking for "https” in the site's URL, which triggers the lock icon in your browser. Also, use a virtual private network (VPN) every time you have to connect to public Wi-Fi. VPNs use encryption protocols to scramble your data and render it unreadable when it's sent over a public network. Without a VPN, an internet service provider — or worse, a hacker — may be able to see which websites you visit while connected to the Wi-Fi network.

mialapi/Shutterstock

We all get too many pesky notifications on our smartphones every day and you may be tempted to opt out of receiving alerts from your bank as a result, but that's not advisable. Even if you decline to receive promotional emails, you should always sign up for instant notifications about any new activity on your bank account (via Experian). Most banks allow customers to choose which alerts they want to receive, and the categories you should always sign up for include:

• New credit and debit card transactions

• Login attempts

• Password modifications

• Personal information updates

If you get an alert about suspicious activity on your account, contact your bank immediately and, if possible, temporarily freeze your account so that new transactions can't get through. Online banking is convenient, no doubt, but it also opens you up to the risk of losing sensitive data and even money. If you haven't already, implementing all of these tips may help ensure your banking information does not end up in the wrong hands.

Recommended