Google begins prompting users to create passwordless passkeys by default - The next time you sign in to your Google account, you’ll be encouraged to set up a passkey for a faster, more secure login.

Google is making it easier for users to ditch passwords on their Google accounts in favor of passkeys — a fast, secure, and passwordless approach to logins that utilizes the pin, face, or fingerprint authentication built into your devices. Starting today, Google account users will be prompted to create a passkey for their account by default, sparing them from manually hunting through account settings for the setup process.
While the industry-wide goal is to eventually make passkeys the new login standard, Google says that passwords will “still remain part of our lives as we make the pivot.” As such, users can still choose to sign in to their Google account with traditional passwords and can opt out of using passkeys entirely by disabling the “skip password when possible” option for their account.

What are passkeys?

Passkeys can replace traditional passwords with your device’s own authentication methods. That way, you can sign in to Gmail, PayPal, or iCloud just by activating Face ID on your iPhone, your Android phone’s fingerprint sensor, or with Windows Hello on a PC.
Built on WebAuthn (or Web Authentication) tech, two different keys are generated when you create a passkey: one stored by the website or service where your account is and a private key stored on the device you use to verify your identity.

Of course, if passkeys are stored on your device, what happens if it gets broken or lost? Since passkeys work across multiple devices, you may have a backup available. Many services that support passkeys will also reauthenticate to your phone number or email address or to a hardware security key if you have one.

Apple’s and Google’s password vaults already support passkeys, and so do password managers like 1Password and Dashlane. 1Password has also created an online directory listing services that allow users to sign in using a passkey.

Google has introduced passkey support to a range of its products over the last year, including Workspace and Cloud accounts and its Chrome web browser. Many leading websites and apps also support passkeys. You can find more information about where they can currently be used via this directory created by the 1Password password management service.

https://www.theverge.com/2023/10/10...ey-setup-prompt-default-passwordless-security
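The key-pair arrangement the article describes, as an added example that is not part of the original post or Google's code: a simplified Node.js model of a WebAuthn-style login, showing why a replayed, phished, or rewritten response fails at the server. The site names, function names and the trimmed-down authenticator data are assumptions for illustration; real authenticator data also carries flags and a signature counter.

```javascript
// Simplified model of a passkey login (added example; names are hypothetical).
const { generateKeyPairSync, createHash, randomBytes, sign, verify } = require('crypto');
const sha256 = (data) => createHash('sha256').update(data).digest();

// Device: creating a passkey makes a key pair; the private key stays on the device.
function createPasskey(rpId) {
  const { publicKey, privateKey } = generateKeyPairSync('ec', { namedCurve: 'P-256' });
  return { device: { rpId, privateKey }, serverRecord: { rpId, publicKey } };
}

// Device: sign the server's challenge together with the origin the browser saw.
function signLogin(device, challenge, origin) {
  const clientData = Buffer.from(JSON.stringify({
    type: 'webauthn.get', challenge: challenge.toString('base64url'), origin }));
  const authData = sha256(device.rpId); // real authenticator data adds flags and a counter
  const signature = sign('sha256', Buffer.concat([authData, sha256(clientData)]), device.privateKey);
  return { clientData, authData, signature };
}

// Server: holds only the public key, so a leaked database contains no login secret.
function verifyLogin(record, challenge, origin, assertion) {
  const client = JSON.parse(assertion.clientData.toString());
  if (client.type !== 'webauthn.get') return 'bad type';
  if (client.challenge !== challenge.toString('base64url')) return 'stale or wrong challenge';
  if (client.origin !== origin) return 'wrong origin';
  if (!assertion.authData.equals(sha256(record.rpId))) return 'wrong relying party';
  const signed = Buffer.concat([assertion.authData, sha256(assertion.clientData)]);
  return verify('sha256', signed, record.publicKey, assertion.signature) ? 'ok' : 'bad signature';
}

function demo() {
  const origin = 'https://accounts.example';              // constructed site
  const lookalike = 'https://accounts.example.evil.test'; // constructed look-alike
  const { device, serverRecord } = createPasskey('accounts.example');
  const first = randomBytes(32), second = randomBytes(32); // one fresh challenge per attempt
  const good = signLogin(device, first, origin);
  // A browser would not offer this credential on another site; the model signs anyway.
  const phish = signLogin(device, second, lookalike);
  const forged = { ...phish,
    clientData: Buffer.from(phish.clientData.toString().replace(lookalike, origin)) };
  return {
    legit: verifyLogin(serverRecord, first, origin, good),
    replayed: verifyLogin(serverRecord, second, origin, good),
    phished: verifyLogin(serverRecord, second, origin, phish),
    forged: verifyLogin(serverRecord, second, origin, forged),
  };
}

console.log(demo());
```

Unlike a password, nothing the user types or the server stores can be reused elsewhere: each response is bound to one challenge and one origin.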
 
Google can go fuck itself. I got locked out of account because even though my back-up account told Google it was me trying to log on, because I didn't log on using the same wifi network I used to create the password, it wouldn't have it.

When I tried to log on again using that wifi network, it was I was a hacker and even though I told it via security that IT WAS ME, they still locked me out unless I gave them my phone number and credit card.

I abandoned the account.
 
Google of all the big tech big dicks get to push security reforms around yeah right. Drive still niggeringly expects all of my devices to be synced in on the same IP, or else it will refuse to work.
 
There's nothing wrong with good passwords at all. And a PIN or a key fob are just as easily pilfered as a password.

Fingerprints can be lifted and facial recognition software spoofed with slightly more effort.

Remember: Long is strong. N!gg3Rf@gg0t is not a large entropy pool, neither is d7$@nqt. Use an excerpt, a sentence, from a book (one you hate so no one will guess it) and you'll never have security issues. And you don't even have to use retarded special characters.
 
Whenever these come up people love to talk about how much more secure it is from a password. When I ask how it’s more secure they proceed to spout off some technobabble gobbledygook which, although I’m able to comprehend, isn’t plain and simple enough to convince me this is more secure.
 
The more time passes the more I'm convinced going Internet-free will be the one and only option for freedom. For starters, go dumb on phones and avoid web cameras and Kikedows on your computer at all costs.
 
This seems like the most retarded shit ever, if there's software/devices that can spoof these methods, once your face/fingerprints/cockprints are compromised, do you need expensive surgery to secure your accounts?
The website pairs with your phone, the phone can then use biometrics/passwords to approve login attempts.

You know PC is still a thing, right?

You also know phone emulation on PC is a thing, right?
With regards to trying to opt out of their stuff:
They are attempting to do the same lockdowns for PCs though, see the Web Environment Integrity thing. It's enforced by baking Google's certificates at the hardware manufacturer level only for approved hardware (which enforces running only approved software).
A similar thing is what makes it already no longer possible to fully emulate Android phones on PCs (SafetyNet attestation), with the same system detecting "unauthorized" software changes.
 
Never even heard of this. In any event, fuck off, go away, plz die. K thanks.
It's the same thing where you use a pin, fingerprint, facial recognition, or physical key/token. Just for desktop login, for some other things you still need your password and you can still log in with the password. My company has this for employees with their own PC
 
There's nothing wrong with good passwords at all. And a PIN or a key fob are just as easily pilfered as a password.

Fingerprints can be lifted and facial recognition software spoofed with slightly more effort.

Remember: Long is strong. N!gg3Rf@gg0t is not a large entropy pool, neither is d7$@nqt. Use an excerpt, a sentence, from a book (one you hate so no one will guess it) and you'll never have security issues. And you don't even have to use retarded special characters.
I would prefer to use something like 887F8BA06F88048EE7FFD954ED@1BECD6. And I like special characters.
 
Passwords never really worked for the majority of the population. It only became the standard authentication method because there were no other options early in the internet. Most people don't know any of their passwords and are completely fucked when their device or websites logout. A step above that are the people who use the same password for everything or write down their password on a piece of paper. Very few people have good password practices, and even by using a password manager, you are outsourcing your authentication to a 3rd party. It's better than making shit passwords, but it introduces different risks. Passwords will never work correctly as a standard of authentication.
Nowadays services outsource their authentication using oauth, but once anyone loses access to their main account, they lose access to everything. It's a constant battle against stupidity.
 
Just give us your fingerprint and a picture of your face, goy.
Considering basically all modern phones that can run modern apps have a fingerprint reader, you're basically screwed without using it.
It's also your voice, although that's optional, just like your face, you can generally make do without Assistant and selfies.
It can be worse, though. Garmin probably has a decade of my heart rate data and more. Most patient data at the hospital is uploaded to some sort of cloud structure, and it's far, far worse secured than Google and contains an insane amount of personal info. Even dentists nowadays upload xrays and pictures of before-after and more to various apps, with 1000 security holes.
 
Hottest of scalding takes, but I'm all for this. Currently if anything happens to your phone you are completely and utterly fucked, because you're instantly locked out of 80+ accounts with 28 factor authentication and getting them back one by one will be a fucking bitch.

Phones today come standard with fingerprint readers and face recognition software is everywhere plus it's safe to assume they already have your voice.

If you've ever touched a phone/used a webcam they already have your voice, face and fingerprint, may as well put them to good use in a way that actually benefits normal people for once.

Still keep passwords as an option though, more options are always good.
 
KeePass is a free open source password manager available on Linux, Windows, and Mac. Retards be warned: it does not use the cloud, so it is up to you to manually update your database on individual devices and you will lose everything if you somehow forget your master password. There is no recovery process.
Use KeePassXC, that's the most up-to-date fork. For Android you can use KeePassDX. You can sync your password database easily by using SyncThing, no cloud needed.
But yes, you cannot recover your master password, so choose something you can remember.
 