In the ever-evolving digital landscape, the traditional password has long been the gatekeeper of our online identities. From email accounts to social media profiles, passwords have been the first line of defense against unauthorized access. But recently Google has announced a paradigm shift in its approach to account security that could signal the beginning of the end for the humble password.

What has Google done?

Google has unveiled its plan to roll out passkey support for Google Accounts, an innovative security measure that could eventually replace the need for passwords completely. This new authentication method will allow users to sign into their accounts not with an alphanumeric password, but with a passkey stored on their device and unlocked by a biometric or device-based check, such as a fingerprint scan, a face scan, or a screen lock PIN.

Passkeys are set to become an additional sign-in option, complementing existing methods such as 2-Step Verification (2SV). However, the ultimate goal is to make passkeys the primary mode of access, eliminating the need for both passwords and secondary authentication measures.

Passwords vs. Passkeys: Weighing the Pros and Cons

Let’s consider both the advantages and disadvantages of passwords and passkeys to understand why Google is making this move and what it could mean for online security as a whole.

Passwords

Passwords, as we know them, have served us well. They are flexible, easy to implement, and, when used correctly, can provide a decent level of security. Passwords are an internet staple because they:

  • Are universally accepted and easy to use;
  • Can be complex and difficult to crack if properly constructed.

However, they have their drawbacks:

  • Vulnerable to phishing, brute force attacks, and data breaches;
  • Can be forgotten, leading to account lockouts;
  • Users tend to reuse passwords, or set weak passwords, which increases security risks.

Passkeys

Passkeys, on the other hand, bring a new level of security and convenience. They’re designed to be inherently more secure and user-friendly and provide several advantages:

  • More secure: Biometric data is unique and difficult to replicate, reducing the risk of unauthorized access.
  • Convenient: Users do not need to remember complex passwords.
  • Resistant to common online attacks such as phishing.

They have, nonetheless, some problems:

  • Biometric data, once compromised, cannot be changed like a password.
  • Not all devices are equipped with the necessary hardware for biometric authentication.
  • Biometric Data Privacy: The use of biometric data raises privacy concerns for some users.

While passkeys are more secure, companies must ensure that they store and handle biometric data responsibly and comply with relevant data protection regulations. Under the GDPR, biometric data is considered a special category of personal data, and its processing is subject to additional legal requirements and extra security measures.

Should Your Company Follow?

Given the increasing prevalence of data breaches and online attacks, companies must constantly reevaluate their approach to digital security. In light of Google’s move, it might be time to consider whether passkeys could form part of your company’s security strategy.

Companies that handle sensitive data or those that have a mobile-centric user base may particularly benefit from implementing passkey authentication, as it provides an additional layer of security and a user-friendly authentication method.

However, it’s important to remember that every company is unique, with its own specific security needs and customer expectations. While passkeys offer a promising new approach to account security, they are not a magic bullet. Like any security measure, they should be considered as part of a broader, multi-layered security strategy.

Transitioning to passkeys will also require careful planning and clear communication with users. It’s crucial to educate users and employees about the new authentication method and address any potential privacy concerns associated with the use of biometric data.

In conclusion, while Google’s shift away from passwords is a significant development in digital security, it’s not necessarily a one-size-fits-all solution. Companies should carefully consider the benefits and drawbacks of passkeys in the context of their specific security needs, customer expectations, and regulatory challenges.

Thinking of implementing passkeys in your organization?

The deployment of passkeys must be prefaced by a meticulous evaluation of the regulatory landscape and the privacy rights of prospective users. Our team of data privacy experts can help you conduct an exhaustive impact and risk assessment, thus determining the optimal security protocols to implement and ensuring adherence to the regulations pertinent to this technology. Furthermore, we offer comprehensive training sessions to employees engaged in this transition, sensitizing them to the various security and privacy implications involved.