Passkeys are a safer and simpler alternative to passwords, promoted by Amazon, Apple, Microsoft, Meta and Google, among other companies from different sectors. These companies are united under the FIDO Alliance, whose goal is to develop and promote authentication standards that reduce reliance on passwords. With passkeys, users can access apps, accounts, and websites with a biometric sensor (such as a fingerprint or facial recognition), a PIN, or a pattern, eliminating the need to remember and manage passwords. Biometric data is not shared.
When a user adds a passkey to a Google account, the platform will request it whenever they sign in or when potentially suspicious activity is detected that requires additional verification. Passkeys for Google accounts can be stored on compatible hardware, including Android devices (with Android 9 or higher), iPhones (with iOS 16 or higher), or any device that has adopted the open (and free) standards of the FIDO Alliance.
Using passkeys does not mean that you have to use your phone every time you log in. If you have several devices, the system allows you to create a passkey for each one. Also, some platforms back up passkeys and sync them with other devices. To log in on a new device, or to use someone else’s temporarily, there is the option of using a passkey stored on your phone. This does not transfer the passkey to the new device.
When you create a passkey on a device, anyone with access to that device and the ability to unlock it can sign in to your Google account. The company acknowledges that this “may seem a bit alarming,” but believes that most people will find it easier to control access to their devices than to remember a password and always be on the lookout for phishing attempts. If you lose a device with a passkey, you can immediately revoke the passkey in your Google account settings.
Passkeys use asymmetric, or public key, cryptography. When a user creates a passkey, a public key and a private key are generated on the device. Google stores only the public key on its servers (which is of no use to an attacker). When you sign in, Google asks the device to sign with the private key, and if the device approves, which requires unlocking it, you are signed in. In this way, both identification and authorization are obtained without the need to memorize a password.
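The sign-in flow described above, as an added example that is not Google's code and not the WebAuthn API: a simplified model using Node.js's built-in `crypto` module. The random single-use challenge, the `Server` class and the `createPasskey` helper are assumptions made for illustration.

```javascript
// Added illustration: simplified passkey model (assumed names, assumed random challenge).
const crypto = require('node:crypto');

// "Device" side: the key pair is generated here and the private key never leaves.
function createPasskey(deviceName) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  const device = {
    name: deviceName,
    // The device signs only after a local unlock (biometric, PIN or pattern).
    sign(challenge, unlocked) {
      if (!unlocked) return null;
      return crypto.sign('sha256', challenge, privateKey);
    },
  };
  // Only the public half is handed to the server at registration.
  return { device, publicKeyPem: publicKey.export({ type: 'spki', format: 'pem' }) };
}

// "Server" side: stores public keys only, one per registered device.
class Server {
  constructor() { this.passkeys = new Map(); this.pending = new Set(); }
  register(deviceName, publicKeyPem) { this.passkeys.set(deviceName, publicKeyPem); }
  revoke(deviceName) { this.passkeys.delete(deviceName); }
  newChallenge() {
    const c = crypto.randomBytes(32);
    this.pending.add(c.toString('hex'));
    return c;
  }
  verify(deviceName, challenge, signature) {
    const pem = this.passkeys.get(deviceName);
    // Unknown or revoked key, missing signature, or reused challenge: reject.
    if (!pem || !signature || !this.pending.delete(challenge.toString('hex'))) return false;
    return crypto.verify('sha256', challenge, pem, signature);
  }
}

function demo() {
  const server = new Server();
  const { device, publicKeyPem } = createPasskey('phone');
  server.register(device.name, publicKeyPem);
  const c1 = server.newChallenge();
  const sig = device.sign(c1, true);
  const results = { signIn: server.verify('phone', c1, sig) };
  results.replay = server.verify('phone', server.newChallenge(), sig); // old signature
  results.locked = server.verify('phone', server.newChallenge(), device.sign(c1, false));
  server.revoke('phone'); // lost device: its public key is removed from the account
  const c2 = server.newChallenge();
  results.revoked = server.verify('phone', c2, device.sign(c2, true));
  return results;
}
```

Calling `demo()` returns one boolean per scenario: a normal sign-in, a replayed signature, a locked device, and a revoked passkey.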