Sarah JamesIn line with this passwordless vision, today, google announced that it is bringing passkeys to Chrome and Android, enabling users to create and use passkeys to log into android devices. Users can store passkeys on their phones and computers and use them to log in password-free.
Password-based security is an oxymoron. With over 15 billion exposed credentials leaked on the dark web and 54% of security incidents caused by credential theft, passwords aren’t effective at keeping out threat actors.
Passwords’ widespread exploitability has led a range of vendors, including Google, Microsoft, Okta, and last pass , to move toward passwordless authentication options as part of the fido Alliance .
For enterprises, introducing passkeys to the Chrome and Android ecosystem will make it much more difficult for cybercriminals to hack their systems.
Stopping credential theft with passkeys
The announcement comes after Apple, Google and Microsoft committed to expanding support for the passwordless sign-in standard created by the FIDO Alliance and the World Wide Web Consortium in March of this year.
This move toward passwordless authentication recognizes password-based security’s fundamental ineffectiveness. With users having to manage passwords for dozens of online accounts, credential reuse is inevitable.
SpyCloud discovered that 64% of consumers used the same password disclosed in one breach for other accounts after reviewing 1.7 billion login and password combinations.
Passwords must be removed entirely to lessen credential theft risk and the effectiveness of social engineering attacks.
Passkeys are a significantly safer replacement for passwords and other phishable authentication factors. They remove the risks associated with password reuse and account database breaches and protect users from phishing attacks. They are also built on industry standards, work across different operating systems and browser ecosystems, and we can use them for both websites and apps,” the post said.
It’s worth noting that users can back up and sync passkeys to the cloud. So that they aren’t locked out if the device is lost. In addition, Google announced that it would enable developers. To build passkey support on the web via Chrome and the WebAuthn API.
As interest in passwordless authentication grows, many providers are experimenting with decreasing reliance on passwords. For instance. Apple now offers users passkeys to log in to apps. And websites through Face ID or Touch ID, without a password. On iOS 16 and macOS Ventura devices.
At the same time, Microsoft is experimenting with its own passwordless authentication settings. These include Windows Hello For Business (biometric and PIN) and Microsoft Authenticator (biometric touch, face, or PIN). Both offer organizations passwordless user authentication capabilities which integrate with popular tools like Azure Active Directory.
As adoption increases, providers will be increasingly in pressure to offer more accessible passwordless authentication options.
The passwordless authentication market
With social engineering and phishing threats dominating the threat landscape, interest in passwordless authentication solutions continues to grow. Researchers anticipate that the passwordless authentication market will rise from $12.79 billion in 2021 to $53.64 billion by 2030.