Passkeys will replace passwords as they are safer and provide better protection against phishing attacks, said Google’s vice president Parisa Tabriz on Thursday.
The technology giant recently introduced passkeys for its Android operating system and web browser Chrome. The functionality was launched for members of Google Play Services Beta and Chrome Canary, while it will be available for general users later this year, the company said on October 12.
Android device users can create and use passkeys that are securely synced through the Google Password Manager. Developers can build passkey support on their websites for Chrome users via the WebAuthn API, a web standard published by the World Wide Web Consortium, on Android and other supported platforms.
Tabriz, who heads engineering, product, and design at Google Chrome, said passkeys are safer as they cannot be reused, do not leak in server breaches, and protect users from phishing attacks.
She said that nearly half of workers spend the majority of their day working on browser-based software applications, making it crucial to protect the browsers.
Passkeys are built on industry standards and work across different operating systems and browser ecosystems, and can be used for both websites and apps. Tabriz said the auto-fill password along with existing device screen locks such as the fingerprint to confirm log-in may take down the number of phishing incidents significantly.
“Some of what we are building in chrome is auto-fill the password. We still have ways to grow, but we have improved auto filled features. We have also recently launched virtual credit numbers, which replace the physical card number with a unique virtual card number for protecting online payments,” Tabriz said.
She said cybersecurity threats had increased since the beginning of the Russia-Ukraine conflict in February. “Google has also introduced a free defence program called Project Shield, under which over 200 Ukrainian websites have been protected from Denial of service attacks. Global ransomware damages are expected to exceed $30 billion by 2023. Asia is one of the worst impacted regions with 26 per cent of global attacks directed towards Asia.”
Google has also introduced the Chrome vulnerability reward program to find out security bugs present in its system. More than 500 security-related bugs have been reported as of now, while 696 researchers have received rewards worth $8.7 million for finding out vulnerabilities. “We cannot completely eliminate bugs from our systems, but we continuously reduce them as we launch the newer version of Chrome,” Tabriz said.