They’re called access keys and they’re set to change the way we relate to passwords and the challenges they pose. Google, Apple and Microsoft joined forces last year to put an end to passwords and it was precisely the big G who was the first to announce that passkeys would already arrive on Android phones by the end of 2022. If you are unsure what are access keys, how are they used and how to create one to replace a passwordIn this article, we will explain to you step by step.
What are access keys and how do they work?
Until a few months ago, password management was reduced to either creating our own passwords trying to make them as secure as possible, or opting for a password generator. Whichever option you choose, in order not to forget it, it is advisable to go to a password manager. In this scenario, we face risks such as forgetting them (if we have not stored them), reusing them, leaking them and, therefore, possible phishing attacks. Moreover, even two-factor authentication is not a guarantee of total security. In a world that is increasingly connected and dependent on digital services, managing passwords is a challenge And it is precisely from this need that access keys or access codes arise.
Security keys are created by authenticating our device. Or what amounts to the same: that to access a website or an application it will be necessary use biometric systems such as fingerprint or face or our PIN code, so that Google verifies our identity and allows us to enter. No more is needed.
Whether you use your face or PIN to access your account on a website does not mean that you send this sensitive information to a serversince, as detailed by Google’s engineering team “With access keys, the user’s biometric information is never revealed on the website or in the app. Biometric materials never leave the user’s personal device“. Similarly, access key protocols prevent information shared with sites from being used as a tracking vector, i.e. they do not allow tracking of users or devices across sites. and, moreover, they are not repeated between the different services.
For the creation of the password, Google, Apple and Microsoft have partnered with the Rapid Identity Online Alliance (known as FIDO for short), a consortium of technology companies, government agencies and vendors who have set themselves the goal of ending passwords, a goal they have been working towards for almost a decade. The conjunction of Google, Apple and Microsoft with FIDO guarantees the application of an industry standard that guarantees minimum security in terms of credential storage, recognition system and implementation security keys in different applications, services, operating systems and websites.
…but some passwords will still be valid. As we have explained in the paragraphs above, it is necessary for our Android phone to have a PIN code and/or a biometric system, so although we have considerably reduced the number of passwords in our daily life, we are still not saying goodbye to them completely.
What happens if my mobile is stolen? If the phone’s PIN and biometric systems are the key to everything, losing it can be an even bigger drama. Don’t panic (too much): in this case the thieves should unlock it. If they have to format the device to use it, access to your accounts is lost. In the worst case, if they have access to data to be entered without formatting, then there is a risk.
How to create a password
Google started rolling out passkeys late last year to Android and Chrome, so you can already manage them across different services. You don’t have to do anything special, but when you enter an app or website and it asks you to create an account or enter it, then a message will appear prompting us to create a certain passwordwhen we will have to verify our identity with biometric systems or the PIN code.
Once the process is complete, this password will be synced and saved securely in the Google Password Managerwhich will allow us to use it when we need it or export it to another device if we change our phone.
The next time we want to access this website or application, a screen will reappear with an interface very similar to that of Google AutoComplete that will suggest use the password entered previously and how to identify us.
Home | Photo by SCREEN POST on Pexels
In Xatakandroid | How to View Saved Passwords on Android
